Hello,
We're currently using form-based authentication (i.e.
auth-methodFORM/auth-method) but, as I suspect many people have
found, it's rather limited.
One requirement we have is enforced password changes in certain
scenarios. Currently the approach we were thinking of using is as
follows
From: Peter Bright [mailto:[EMAIL PROTECTED]
Subject: Form Based Authentication
It's point (c) that's proving problematic; there's no way to
reauthenticate that I can see.
What happens if you just invalidate the existing session?
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL
-Original Message-
From: Caldarale, Charles R [mailto:[EMAIL PROTECTED]
Sent: 11 October 2005 17:18
To: Tomcat Users List
Subject: RE: Form Based Authentication
From: Peter Bright [mailto:[EMAIL PROTECTED]
Subject: Form Based Authentication
It's point (c) that's proving
From: Peter Bright [mailto:[EMAIL PROTECTED]
Subject: RE: Form Based Authentication
It's point (c) that's proving problematic; there's no way to
reauthenticate that I can see.
What happens if you just invalidate the existing session?
The user gets logged out.
Exactly
-Original Message-
From: Caldarale, Charles R [mailto:[EMAIL PROTECTED]
Sent: 11 October 2005 17:23
To: Tomcat Users List
Subject: RE: Form Based Authentication
From: Peter Bright [mailto:[EMAIL PROTECTED]
Subject: RE: Form Based Authentication
It's point (c
seconds ago :)
I suppose if I had to allow that automatic authentication, I would NOT
destroy the session and instead just redirect to the first protected
resource of the app from the change PW screen. Since the user was let in
the first time around, they are really authenticated already. In essence
I have looked at the source code and it seems to me that presented
client certificates are only checked for their validity dates, and NOT
for whether they have been revoked. I am able to access my Tomcat site
with a revoked certificate.
It is easy to implement OCSP and/or CRL checking, so I
James Rome wrote:
Why don't my methods get called? The start() method gets called, but
nothing else.
Take a look at
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/catalina/docs/api/org/apache/catalina/authenticator/package-summary.html
Mark
Peddireddy Srikanth wrote:
Hi all,
I have a basic doubt If there are any resoursec which will me on this
please point me towards them. I will carry on from there.
My question is how to combine the form based authentication, where we use
jsecuritycheck , jusername etc with https.
As far as I
sree kanth wrote:
Hi all,
i have been developing on JSP's for the last one year,but still i have never
implemented form based authentication.
Can any one help me in implenting form based authentication?
Thank you all
Sreekanth
Very basic example:
Put login.jsp and error.jsp in the root of your
Hi all,
i have been developing on JSP's for the last one year,but still i have never
implemented form based authentication.
Can any one help me in implenting form based authentication?
Thank you all
Sreekanth
authentication.
Can any one help me in implenting form based authentication?
Thank you all
Sreekanth
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Hi all,
I have a basic doubt If there are any resoursec which will me on this
please point me towards them. I will carry on from there.
My question is how to combine the form based authentication, where we use
jsecuritycheck , jusername etc with https.
As far as I know if we use form based
I've been told our working application must coexist with other
applications using BASIC authentication, the same domain name and a
shared authentication store to achieve single sign on (SSO).
Our application has been working fine without IIS or Apache sitting in
front of it. The application
From: Tracy Spratt [mailto:[EMAIL PROTECTED]
Subject: Can the Tomcat authentication module use an ASP.NET
security token?
I have a Tomcat app (MM Flex app) that is called from an asp.net
application which is secured by forms (cookie-based) authentication.
(NOT NTLM / Windows Integrated
Hi,
Im using Tomcat Form-based Authentication with a JDBC realm, this is working
ok for all my pages that are protected trough web.xml with
security-constraint
web-resource-collection
web-resource-nameAll System/web-resource-name
url-pattern*.do/url-pattern
url-pattern
No solution. You can filter prefix, or suffix, but not both.
-Tim
Marquez, Omar wrote:
Hi,
Im using Tomcat Form-based Authentication with a JDBC realm, this is working
ok for all my pages that are protected trough web.xml with
security-constraint
web-resource-collection
web
I have a Tomcat app (MM Flex app) that is called from an asp.net
application which is secured by forms (cookie-based) authentication.
(NOT NTLM / Windows Integrated)
I don't want the user to have to log in again.
I have a programmatic solution in mind, but it is going to be
comparitively ugly
that do not have their own authentication.
How do I configure tomcat to give me access to my webapps when I login
correctly?
Thanks,
Paul
--
Paul Mackinlay (PhD, MEng)
http://www.webotech.co.uk/
[EMAIL PROTECTED]
Tel: +44(0)7050 699971
Fax: +44(0)7050 699972
authentication.
How do I configure tomcat to give me access to my webapps when I login
correctly?
Thanks,
Paul
--
Paul Mackinlay (PhD, MEng)
http://www.webotech.co.uk/
[EMAIL PROTECTED]
Tel: +44(0)7050 699971
Fax: +44(0)7050 699972
not have their own
authentication.
How do I configure tomcat to give me access to my webapps when I login
correctly?
Thanks,
Paul
--
Paul Mackinlay (PhD, MEng)
http://www.webotech.co.uk/
[EMAIL PROTECTED]
Tel: +44(0)7050 699971
Fax: +44(0)7050 699972
Hi,
Im trying to use Digest authentication with an AXIS web service hosted on
Tomcat 5.0.28. The problem is in setting up Digest authentication for
Tomcat. I did as was written in HOW-TO setting up a JDBC realm, I tried to
connect the URL configured on the secure realm from IE 6.0. Presto
http://www.devx.com/DevX/Article/21911
Chandan Gupta [EMAIL PROTECTED] wrote:
Hi,
Im trying to use Digest authentication with an AXIS web service hosted on
Tomcat 5.0.28. The problem is in setting up Digest authentication for
Tomcat. I did as was written in HOW-TO setting up a JDBC realm, I
On 9/15/05, bachoo jahnkar [EMAIL PROTECTED] wrote:
Im trying to use Digest authentication with an AXIS web service hosted on
...
connect the URL configured on the secure realm from IE 6.0. Presto whatever
I tried I always got 401. Once i changed authentication back to basic,
things started
or a user didn't work though. To confirm I was running into
a (solved) bug I tested on 5.5.11 and indeed authentication works fine
there with identical configuration.
So my question is threefold:
- Is the bug above the problem I am running into or is it something else
- Is there a workaround
purposes want to use my local PC's Windows's username and
passwords for Tomcat's authentication how that can be done? In this
case I would have only my own PC running Windows without Windows
Network Servers.
Can anyone give any tips to these questions?
Cheers
http://jcifs.samba.org/
If you want more information let me know and I will send you the code
-Original Message-
From: john polinsky [mailto:[EMAIL PROTECTED]
Sent: 07 September 2005 11:28
To: tomcat-user@jakarta.apache.org
Subject: Windows Authentication in Tomcat
Hello there,
How
Hello,
If you really can send me that code that would make my life
much easier!
Thanks,
john_polinsky (at) suomi24.fi
Cheers!
Message
Lähettäjä: [EMAIL PROTECTED]
Päivämäärä: 2005/09/07 13:31
Vastaanottaja: Tomcat Users Listtomcat-
[EMAIL PROTECTED]
Aihe: RE: Windows Authentication
Hi,
Need to override the default certificate authentication to provide some own
validation. Need to embed some new extensions in the certificate and
validate them
Got the following information but having problems doing what is explained
1. Write new SSLImplementation subclassing
My web application uses tomcat 5.5.10. By using basic authentication,
the application works fine.
By using the form based authentication, if I submit a invalidate
username/password, appication seems worked, a error.jsp was showed up.
But if I submit a valid username/password, I got a HTTP Status
Has anyone here used securityfilter for authetntication? The samples
doesn't have any database realm example. If anyone got this working
using db for authetnication pls let me know, I would like to ask some
questions
thanks
-
Hi Mark,
I'm using SecurityFilter in my application successfully . What are your
questions?
Regards,
--
Andrew Stepanenko,
Software engineer,
Ukrainian-Dutch Faculty of Economics and Management
Ternopil State Economic University
Shevchenko Street 9, Office 24-25
Ternopil, 46000 UKRAINE
Tel:
for authentication
Hello Mark,
says jdbcrealm[null]
I remember I also had this error but don't remember exactly a
workaround. Checkout that you have a security filter .jar file in your
WEB-INF/lib directory
and also inspect tomcat log files.
Regards,
Andrew.
Mark Goking wrote:
Hi this is my realm. I
Hi All,
I'm using client authenticate for my website (Tomcat 5.0.28) and everything
works great. However, I had an idea for something I wanted to try, and I
need to know if its possible.
Would I be able to prompt for client certificates ONLY if a certain request
parameter was present (and
From: Wendy Smoak [EMAIL PROTECTED]
I have a standalone Tomcat 5.0 instance, and a third-party webapp that has
support for authentication via LDAP. Of course, we don't have LDAP, we
have Kerberos. It should be a simple matter to plug in a different Realm,
right?
Replying to myself
Does anyone know if there's a way to specify multiple LDAP servers for
authentication? In case one LDAP server is down, I want tomcat to switch over
to the other one. Is it possible?
Thanks
--
Bhupinder
-
To unsubscribe, e
I have a standalone Tomcat 5.0 instance, and a third-party webapp that has
support for authentication via LDAP. Of course, we don't have LDAP, we have
Kerberos. It should be a simple matter to plug in a different Realm, right?
I'm finding it hard to believe that no one has done this (Tomcat
-Original Message-
From: Ben Ricker [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 13, 2005 6:04 PM
To: Tomcat Users List
Subject: Re: How to Configure IIS/Tomcat to perform basic authentication
To answer your question, it would help to at least include the
relevant OS and tomcat version
I cannot get this to work. It works for all other sites besides ones
that have j_username j_password. It always comes back to the login
page. I see other messageboards via google that have the same problem,
but there is no answer.
form method=POST action='/cpvs/login'
input type=hidden
Hi,
I would like to use the configured realm to authenticate users but I
don't want to use the standard J2EE mechanism (for many reasons).
Also, my needs for authorisations are not limited to URLs and are more
fine-grained. Since I configured a JNDI realm I wanted to access the
reamù in my webapp
Hi again,
I just discovered bug 33157: basic authentication fails in some cases,
reported in Tomcat 5.5.4.
http://issues.apache.org/bugzilla/show_bug.cgi?id=33157
It doesn't describe my exact problem, but it's the best theory so far.
Unfortunately the hosting provider is unlikely to install
authentication, so the browser pops up a dialog in response to the 401.)
Occasionally it gives up and shows the 401 Unauthorized error page instead.
This problem is reproducible across several browsers on Windows 2000
(IE6, Firefox, Opera, lynx ...). The Authorization header is the same
for both
From: Abdullah Abdullah [EMAIL PROTECTED]
Reply-To: Tomcat Developers List tomcat-dev@jakarta.apache.org
To: tomcat-dev@jakarta.apache.org
Subject: How to do authentication and secure line HTTPS (SSL) Date: Wed, 20
Jul 2005 10:50:01 +0100
Dear all
Actually, I would like to ask you that how
Dear all
Actually, I would like to ask you that how can I do authentication and
secure line HTTPS (SSL) for my web pages ? It is worth mentioning that I am
using JSP and Tomcat 5.5.9 .
Thank you in advance.
Regards
Abdullah
Please read
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
Regards,
Yasir Khan
- Original Message -
From: Abdullah Abdullah
To: tomcat-user@jakarta.apache.org
Sent: Thursday, July 21, 2005 2:43 PM
Subject: How to do authentication and secure line HTTPS (SSL
Bill Barker wrote:
ohaya [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
Hi,
I've been looking into possibly replacing Tomcat's authentication with
our own functionality. It looks like there use to be a class called
SimpleRealm in the older Tomcat versions that would have
Hi,
I've been looking into possibly replacing Tomcat's authentication with
our own functionality. It looks like there use to be a class called
SimpleRealm in the older Tomcat versions that would have done the trick
if we replaced it, but I can't find any references to it in the latest
source
ohaya [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
Hi,
I've been looking into possibly replacing Tomcat's authentication with
our own functionality. It looks like there use to be a class called
SimpleRealm in the older Tomcat versions that would have done the trick
if we
Bill Barker wrote:
ohaya [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
Hi,
I've been looking into possibly replacing Tomcat's authentication with
our own functionality. It looks like there use to be a class called
SimpleRealm in the older Tomcat versions that would have
Bill Barker wrote:
ohaya [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
Hi,
I've been looking into possibly replacing Tomcat's authentication with
our own functionality. It looks like there use to be a class called
SimpleRealm in the older Tomcat versions that would have
Bill Barker wrote:
ohaya [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
Hi,
I've been looking into possibly replacing Tomcat's authentication with
our own functionality. It looks like there use to be a class called
SimpleRealm in the older Tomcat versions that would have
Hi all,
I have been trying to configure IIS/Tomcat to perform basic
authentication and have not had any success yet,
I would appreciate it if someone could give me some pointers on how to
make this to work.
Thanks,
Ike
Hi all,
I have been trying to configure IIS/Tomcat to perform basic
authentication and have not had any success yet,
I would appreciate it if someone could give me some pointers on how to
make this to work.
Thanks,
Ike
Hi all,
I have been trying to configure IIS/Tomcat to perform basic
authentication
and have not had any success yet, I would appreciate it if someone could
give me some pointers on how to make this to work.
Thanks,
Ike
/tomcat/tomcat-5.0-doc/realm-howto.html.
You may be most interested in the Memory Realm if you want simple,
file-based auth.
Ben Ricker
On 7/13/05, Ikonne, Ike [EMAIL PROTECTED] wrote:
Hi all,
I have been trying to configure IIS/Tomcat to perform basic
authentication
and have not had any
and installed mod_jk so I can access webapps (specifically
davenport) through apache 2.
It works fine, until I try to go to a page that needs an authentication box.
Apache just returns a page saying:
Unauthorized
This server could not verify that you are authorized to access the document
requested
Title: Nachricht
Hello,
I want to use Tomcat
together with IIS to let IIS do the Windows based
authentication.
I've managed to
install and configure isapi_redirect-1.2.13, and everything seems to work. When
I call "request.getUserPrincipal()" in my servlet, I get a princi
client auth for certain apps.
How do i go about it.??
Regards Thanks
Mahesh S Kudva
-Original Message-
From: Bill Barker [EMAIL PROTECTED]
To: tomcat-user@jakarta.apache.org
Date: Fri, 1 Jul 2005 21:56:37 -0700
Subject: Re: Certificate Authentication for individual apps
Hi All
How can I have different certificate authentication for different applications
and skip certificate
authentication for some applications hosted on the same server.
Regards Thanks
Mahesh S Kudva
---
Robosoft
, app2, app3.
Now, we want a basic authentication scheme (later they probably want
something more but that's for then :-) where, when a user enters the URL
http://localhost/app1 he gets immediately a challenge request box for
login.
Now, how should I do this?
BB
Peter
Mahesh S Kudva wrote:
How can I have different certificate authentication for different applications and skip certificate
authentication for some applications hosted on the same server.
I believe that, at least under SSL, certificates authenticate
*servers* not applications
Configuation
--
Tommat 5.5.2
Windows XP
JDK 1.5
Requirement
--
I have a Security realm Authentication ready for a Web
Application linking to a Database. When the user sign
ups the form then he has to login into the application
through the signup form instead of directly
Hi All
Thanks for the note. May be I was not clear in my earlier mail.
I have client authentication using certificates. I want to skip client
auth for certain hosted applications on the server but preserve client
auth for other apps.
Regards Thanks
Mahesh S Kudva
Mahesh S Kudva [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi All
Thanks for the note. May be I was not clear in my earlier mail.
I have client authentication using certificates. I want to skip client
auth for certain hosted applications on the server but preserve client
:[EMAIL PROTECTED]
Sent: Monday, June 20, 2005 9:58 AM
To: Tomcat Users List
Cc: Tomcat Users List
Subject: Re: User authentication using Realms
Glad to hear you got it working so far! :)
Is your DSN name literally Simple JSP? If so, I suggest trying
something without a space in it... I have a feeling
I've finally (with lots of help) figured out how to do form-based user
authentication of a simple test JSP webapp. So far, so good ... it
seems to be working.
However, the database is a list of roles and users currently defined
in conf/tomcat-users.xml. While this worked fine while I
:
I've finally (with lots of help) figured out how to do form-based user
authentication of a simple test JSP webapp. So far, so good ... it
seems to be working.
However, the database is a list of roles and users currently defined
in conf/tomcat-users.xml. While this worked fine while I
Hi there,
I have two servlets. One is configured to listen to /forms/* and the
other to /documents/*.
I configured a security realm, so users need to use form based
authentication when accessing /forms/*.
Can I, in the same web.xml configure a second security realm that uses
basic
with the certificate/private key of the web server
and the CA certificate.
The client authentication only works if I add the CA certificate into the
$JAVA_HOME/jre/lib/security/cacerts. If the Tomcat keystore contains the CA
certificate but not the JDK keystore... the client authentication fails
[EMAIL PROTECTED] wrote:
Hi there,
I have two servlets. One is configured to listen to /forms/* and the
other to /documents/*.
I configured a security realm, so users need to use form based
authentication when accessing /forms/*.
Can I, in the same web.xml configure a second security realm
Manuel Gil Perez wrote:
The client authentication only works if I add the CA certificate into
the $JAVA_HOME/jre/lib/security/cacerts. If the Tomcat keystore contains
the CA certificate but not the JDK keystore... the client authentication
fails.
AFAIK this can't be done without some custom
For the following configuration:
Sun ONE / iPlanet 6.0sp5
NSAPI redirector from jakarta-tomcat-connectors-1.2.8
Tomcat 5.5 (embedded in JBoss 4.0.2)
All of the requests that get forwarded over the redirector require
authentication. The configuration works fine if the request body is less
than
authentication is supported.
That is fine, but how can I use the CLIENT-CERT information in my
applications?
In the client certificates should be a name and/or customer number in
the usual fields. I want my application to use e.g. the customer number
for further authorization.
(Please answer below the quote
Paul Puschmann wrote:
That is fine, but how can I use the CLIENT-CERT information in my
applications?
The certificate is exposed as a servlet attribute. You need to read
section SRV.4.7 of the servlet specification and if you search the
specification for certificate you will find some useful
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
we'd like to use our Tomcat with ssl and client certificates.
Does anybody know if the user information (of the user-certificate) can
be used to authenticate?
Tomcat is 5.5.7
Paul
- --
Linux-User #271918 with the Linux Counter,
Paul,
CLIENT-CERT authentication is supported.
Mark
Paul Puschmann wrote:
we'd like to use our Tomcat with ssl and client certificates.
Does anybody know if the user information (of the user-certificate) can
be used to authenticate?
Tomcat is 5.5.7
, then after I attempt
to clear the basic authentication, I am sent back to the form
authentication, then basic, then form, and on, and on. This tells me
that my server.xml is overriding my application.xml.
Here is my tomcat_home/webapps/application.xml :
Context path=/mrcjava/LNGDIST docBase=/mrcjava
I am currently using TC 5.0.28 http1.1-connector and JCIFS for authentication
in a webapp. Authentication is done completely within the webapp without using
TC methods and only when necessary.
This is working quite well except for few users, who are accessing over squid
proxy, which suppresses
In Tomcat 5.0.x Is it possible to for a servlet to get a client's
certificate without forcing the whole server to use client
authentication?
in server.xml:
clientAuth=true - stops everyone accessing via https
clientAuth=want - secure servlet displays no content
clientAuth=false
authentication before they can access
anything while still allowing our internal users on port 8080 (which
will not be accessible from the internet) access without authentication.
Basically, I am trying to make a secure extranet the lazy way without
annoying the existing intranet users.
Can anybody suggest
to do the authentication that way too. Just my 2 cents.
--Dan
-Original Message-
From: Daniel Rigal [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 25, 2005 9:09 AM
To: tomcat-user@jakarta.apache.org
Subject: Different Authentication Requirements Based On Connector, Port
or Protocol?
Hi
).
- Client authentication is part of SSL. It is during the SSL hand-shake
that the server will request the client certificate. So the short
answer would be: NO you can not implement this without SSL.
- The CA the server requires for the client certificates can be
completely unrelated
Thank you ever so much. The certificates will be for a subset of my clients
and so I am not that worried. I really appreciate your help.
-Original Message-
From: Mark Thomas [mailto:[EMAIL PROTECTED]
Sent: 23 May 2005 23:13
To: Tomcat Users List
Subject: Re: Client Authentication
Thanks Philip.. ever so much help. I really appreciate this!
-Original Message-
From: Philippe Johan [mailto:[EMAIL PROTECTED]
Sent: 24 May 2005 08:55
To: tomcat-user@jakarta.apache.org
Subject: RE: Client Authentication certificates
Hi Mark,
To answer your questions:
- You can
, before doing the dispatcher.forward(request,response), I
rewrite the http header to be basic authentication in an effort to trick
Tomcat into re-authenticating for this page.
response.setStatus(response.SC_UNAUTHORIZED); // Ie 401
response.setHeader(WWW-AUTHENTICATE,BASIC
Morning all..
I have a web app and for certain areas of the site I wish to restrict access
to a Client Authentication certificate. I want to generate a root
Certificate for my company domain and then sub domains for a variety of
customers. Then I wish to be able to generate certificates
Authentication certificates
Morning all..
I have a web app and for certain areas of the site I wish to restrict access
to a Client Authentication certificate. I want to generate a root
Certificate for my company domain and then sub domains for a variety of
customers. Then I wish to be able
to a Client Authentication certificate. I want to generate a root
Certificate for my company domain and then sub domains for a variety of
customers. Then I wish to be able to generate certificates for certain users
within these sub domains.
My questions are:
Can I build a root certificate
Hello,
I am running Tomcat 5.5.9 on Windows 2000. I configured the ISAPI
redirector (version 1.2.12) so that Tomcat worked along with IIS and
everything seemed to work fine, but...
I have a Tomcat application which requires basic authentication. Everything
works fine if I access from http
you get) is the verification of the entity that posses the
private key associated with the certificate.
Can I implement the Client Authentication on a server which does not have
SSL implemented?
No. SSl is a pre-reqisite for CLIENT-CERT authentication
Can I implement the Client Authentication
I suspect the IE and IIS are conspiring to use Windows Native
Authentication. I think this is a browser setting where IE tries this by
default if talking to IIS.
The settings should be under something like:
IE Tools Internet options security custom level user
authentication
I can't
Just a follow-up to let others know how this worked out.
The fix turned out to be pure load balancer configuration. Cisco Support
instructed us to use the CSS load balancer's urlrewrite feature to ensure
that the HTTP 302's after Tomcat-managed authentication come back targeting the
correct
and client.p12 to the clients machine.
In your server.xml file enable client authentication by changing
clientauth=true and that's it.
Regards Thanks
Mahesh S Kudva
-Original Message-
From: Mahesh S Kudva [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
-mail: [EMAIL PROTECTED]
office phone: 616-717-6972
Hari Mailvaganam [EMAIL PROTECTED] 2005-05-11 1:34 PM
A couple of suggestions:
- force all traffic on load balancer to/from extrenal world to SSL.
- after form authentication on Tomcat, redirect users to the URL used
by the load balancer - i.e
Hi All
Ho do i go about with clien Authentication
Regards Thanks
Mahesh S Kudva
-Original Message-
From: Mahesh S Kudva [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Date: Tue, 10 May 2005 20:51:08 +0530
Subject: Re: Client Authentication
Hi
Never Mind - It was permissions on the tomcat-users.xml file. Duh!
-Original Message-
From: David B. Saul [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 12, 2005 7:37 PM
To: 'Tomcat Users List'
Subject: Form Based Authentication
Having a problem being challenged on Linux.
Form based
Having a problem being challenged on Linux.
Form based using the tomcat-users.xml file works under windows.
However, when same code is deployed to Linux the page is never challenged.
I checked server.xml on both platforms as well as the specific webapp.
Even built a Hello World example to
If the authentication is realized by the container (the realm), you can't
access the request before the authentication takes over. If you really want
to do it, don't define the security constraint in your web.xml, and make
your own application security mechanism (use filter, and forward
I'm running into a problem using form-based authentication with Tomcat 5.5.9
behind a Cisco CSS load balancer, and I'm hoping someone can point me in the
right direction.
We've got Tomcat deployed on 2 nodes, not clustered, but load-balanced via NAT
distribution by the Cisco device. We want
A couple of suggestions:
- force all traffic on load balancer to/from extrenal world to SSL.
- after form authentication on Tomcat, redirect users to the URL used
by the load balancer - i.e. not XXX:8080/authenticate but
www.YYY.com/authenticate
- or both
Hope this helps.
regards,
Hari
1 - 100 of 1763 matches
Mail list logo