BASIC authentication without Popup Verification window
Hi! I can't figure out why my BASIC authorization isn't working for my app. The pages show up as 401 Not Authorized, but no popup authorization window pops up! Further, the admin and manager apps are working using my JDBCRealm (:Enter Password" window does pop up). Help appreciated. server.xml: --- web.xml: Maintenance /maint/* /maintenance.do manager BASIC Portal manager manager - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JDBCRealm authentication on every page
The other option is to use the 'isUserInRole()' call on request and if it's true show the logout link, else show the login link. That way you don't have to manage it. I'm on an "I'm all about the container" kick and the more I leverage what the container provides over writing things like this myself, the more I like it. For the most part it's transparent across containers. -Original Message- From: QM [mailto:[EMAIL PROTECTED] Sent: Monday, October 18, 2004 10:01 PM To: Tomcat Users List Subject: Re: JDBCRealm authentication on every page On Mon, Oct 18, 2004 at 11:41:51AM -0500, Graff, David wrote: : I think, but this may need elaboration, that Deigo want's to put a "login" : box on all pages when the user has not authenticated and not show it after : login. Ah, gotcha. Instead of showing a login box, what about a login *link* that points to a landing page inside a protected area? You could control the link's presence based on a (very lightweight) session attr: if it's defined, show a "logout" link; if it's not defined, show a "login" link. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Mysterious (I think caching) Problem with IE 6 and Form Authentication under SSL (Tomcat 5.0.x)
Hello, I have a real strange Problem with Tomcat and IE When I get forwarded to the login page of my application and enter my account data I always get the following message: HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser But following the instructions does always result in the same errormessage. With every other browser even InternetExplores on other Machines (same version) I can login without any Problem. I think IE caches the error page somewhere because in the logfile the login is logged as "success" I tried everthing delete temporary internetfiles /cookies nothing worked! Funny is, when I copy the installation to an other machine (other hostname/ip) I can login with my IE without any Problem. If someone knows something about this problem, please give me a hint! greetings Martin Grüneberg Virus checked by G DATA AntiVirusKit Version: AVK 15.0.551 from 19.10.2004 Virus news: www.antiviruslab.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBCRealm authentication on every page
On Mon, Oct 18, 2004 at 11:41:51AM -0500, Graff, David wrote: : I think, but this may need elaboration, that Deigo want's to put a "login" : box on all pages when the user has not authenticated and not show it after : login. Ah, gotcha. Instead of showing a login box, what about a login *link* that points to a landing page inside a protected area? You could control the link's presence based on a (very lightweight) session attr: if it's defined, show a "logout" link; if it's not defined, show a "login" link. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JDBCRealm authentication on every page
QM, I think, but this may need elaboration, that Deigo want's to put a "login" box on all pages when the user has not authenticated and not show it after login. -Original Message- From: QM [mailto:[EMAIL PROTECTED] Sent: Monday, October 18, 2004 12:10 PM To: Tomcat Users List Subject: Re: JDBCRealm authentication on every page On Mon, Oct 18, 2004 at 05:59:59PM +0200, Diego wrote: : Hi! I want to put a login form on all of my pages. I'm using Tomcat 5 : and JDBCRealm, and authentication is working fine when a user tries to : access a protected resource. But I don't know how could I invoke : "manually" JDBCRealm authentication on non-protected pages and stay into : the same page after login. Any idea? If you want to force authentication, you could put the entire webapp under a security constraint (i.e. *any* access will trigger a login popup). -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBCRealm authentication on every page
On Mon, Oct 18, 2004 at 05:59:59PM +0200, Diego wrote: : Hi! I want to put a login form on all of my pages. I'm using Tomcat 5 : and JDBCRealm, and authentication is working fine when a user tries to : access a protected resource. But I don't know how could I invoke : "manually" JDBCRealm authentication on non-protected pages and stay into : the same page after login. Any idea? If you want to force authentication, you could put the entire webapp under a security constraint (i.e. *any* access will trigger a login popup). -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JDBCRealm authentication on every page
Hi! I want to put a login form on all of my pages. I'm using Tomcat 5 and JDBCRealm, and authentication is working fine when a user tries to access a protected resource. But I don't know how could I invoke "manually" JDBCRealm authentication on non-protected pages and stay into the same page after login. Any idea? Thanks in advance - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DataSourceRealm + DIGEST authentication
Hi all, > Has anyone created a DataSourceRealm that works with DIGEST > authentication? I'm planning to make one, but only if I'm not > reinventing the wheel. If anyone's interested, here's what I have so far: http://sylow.no-ip.com/pub/apache/jakarta/tomcat/DigestableDataSourceRealm.java Any comments welcome. Best regards, -- Shinobu Kawai -- Shinobu Kawai <[EMAIL PROTECTED]> - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DataSourceRealm + DIGEST authentication
Hi all, Has anyone created a DataSourceRealm that works with DIGEST authentication? I'm planning to make one, but only if I'm not reinventing the wheel. A relative bugzilla issue: http://issues.apache.org/bugzilla/show_bug.cgi?id=19767 Best regards, -- Shinobu Kawai -- Shinobu Kawai <[EMAIL PROTECTED]> - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Form Based Authentication with Cookies?
Chris, For what it's worth, I spent ages trying to get a remember-me login thing going "out of the box" but never managed it. In the end I implemented my own user/role setup and use a Filter to ensure the user is logged in when accessing servlets/ JSPs with specifice URL paths. The login page sets cookies to do the "remembering". If you get your's going (I'm now on Tomcat 5.0.28, maybe there's something new) I'd be interested in the details. Good luck. Best regards Chris -- Chris Ward, Horizon Asset Limited <mailto:[EMAIL PROTECTED]> Tel +44 (20) 7367 7028, Fax 7367 7029 -- THIS E-MAIL MAY CONTAIN CONFIDENTIAL AND/OR PRIVILEGED INFORMATION. IF YOU ARE NOT THE INTENDED RECIPIENT (OR HAVE RECEIVED THIS E-MAIL IN ERROR) PLEASE NOTIFY THE SENDER IMMEDIATELY AND DESTROY THIS E- MAIL. ANY UNAUTHORISED COPYING, DISCLOSURE OR DISTRIBUTION OF THE MATERIAL IN THIS E-MAIL IS STRICTLY FORBIDDEN. HORIZON ASSET LIMITED IS AUTHORISED AND REGULATED BY THE FINANCIAL SERVICES AUTHORITY. > -Original Message- > From: Chris Forbis [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 12, 2004 7:45 PM > To: [EMAIL PROTECTED] > Subject: Form Based Authentication with Cookies? > > > I have been looking for a way withing tomcat using a > JDBCRealm to do form bases authentication and allow users to > set some sort of "Remember Me" cookie, so they do not need to > log into my application more than once a month or so. > > It looks like to me that FormAuthenticator is sort of > hardcoded into tomcat without a way to allow for a context to > allow for a CustomFormAuthenticator that would allow for this. > > Am I missing something, or is there no easy way to do this? > > Thanks! > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Form Based Authentication with Cookies?
I have been looking for a way withing tomcat using a JDBCRealm to do form bases authentication and allow users to set some sort of "Remember Me" cookie, so they do not need to log into my application more than once a month or so. It looks like to me that FormAuthenticator is sort of hardcoded into tomcat without a way to allow for a context to allow for a CustomFormAuthenticator that would allow for this. Am I missing something, or is there no easy way to do this? Thanks! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JNDI Authentication...
I am using JNDI and Tomcat 4.1 for form-based authentication on a
OpenLDAP 2.1 server. The OS is Fedora Core 2. This is a new server I
am setting up to replace an exisiting one... Upgraded hardware /
software... Anyway, authentication works for the user but doesn't find
the user in the group... It doesn't make sense, since this same config
works on another box. Here's the necessary files:
debug log:
slapd starting
ldap_pvt_gethostbyname_a: host=www.domain.com, r=0
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 50 contents:
ber_get_next
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal:
=> ldap_bv2dn(cn=Manager,dc=domain,dc=com,0)
ldap_err2string
<= ldap_bv2dn(cn=Manager,dc=domain,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=Manager,dc=domain,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=manager,dc=domain,dc=com)=0 Success
<<< dnPrettyNormal: ,
do_bind: version=3 dn="cn=Manager,dc=domain,dc=com" method=128
do_bind: v3 bind: "cn=Manager,dc=domain,dc=com" to
"cn=Manager,dc=domain,dc=com"
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 10
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 119 contents:
ber_get_next
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
do_search
ber_scanf fmt ({mb) ber:
>>> dnPrettyNormal:
=> ldap_bv2dn(uid=ross,ou=people,dc=domain,dc=com,0)
ldap_err2string
<= ldap_bv2dn(uid=ross,ou=people,dc=domain,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(uid=ross,ou=people,dc=domain,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(uid=ross,ou=people,dc=domain,dc=com)=0 Success
<<< dnPrettyNormal: ,
ber_scanf fmt (m) ber:
ber_scanf fmt ({M}}) ber:
=> get_ctrls
ber_scanf fmt ({m) ber:
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
=> bdb_search
bdb_dn2entry("uid=ross,ou=people,dc=domain,dc=com")
=> bdb_dn2id( "dc=domain,dc=com" )
<= bdb_dn2id: got id=0x0001
=> bdb_dn2id( "ou=people,dc=domain,dc=com" )
<= bdb_dn2id: got id=0x0007
=> bdb_dn2id( "uid=ross,ou=people,dc=domain,dc=com" )
<= bdb_dn2id: got id=0x0008
entry_decode: "uid=ross,ou=people,dc=domain,dc=com"
<= entry_decode(uid=ross,ou=people,dc=domain,dc=com)
=> send_search_entry: dn="uid=ross,ou=people,dc=domain,dc=com"
ber_flush: 74 bytes to sd 10
<= send_search_entry
send_ldap_result: conn=0 op=1 p=3
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 10
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 148 contents:
do_search
ber_scanf fmt ({mb) ber:
>>> dnPrettyNormal:
=> ldap_bv2dn(ou=groups,dc=domain,dc=com,0)
ldap_err2string
<= ldap_bv2dn(ou=groups,dc=domain,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(ou=groups,dc=domain,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(ou=groups,dc=domain,dc=com)=0 Success
<<< dnPrettyNormal: ,
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
=> get_ctrls
ber_scanf fmt ({m) ber:
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
=> bdb_search
bdb_dn2entry("ou=groups,dc=domain,dc=com")
=> bdb_dn2id( "ou=groups,dc=domain,dc=com" )
<= bdb_dn2id: got id=0x0006
entry_decode: "ou=groups,dc=domain,dc=com"
<= entry_decode(ou=groups,dc=domain,dc=com)
search_candidates: base="ou=groups,dc=domain,dc=com" (0x0006) scope=1
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read: failed (-30990)
<= bdb_equality_candidates: id=0, first=0, last=0
=> bdb_dn2idl( "ou=groups,dc=domain,dc=com" )
<= bdb_dn2idl: id=4 first=9 last=13
bdb_search_candidates: id=0 first=9 last=0
bdb_search: no candidates
send_ldap_result: conn=0 op=2 p=3
send_ldap_response: msgid=3 tag=101 err=0
ber_get_next
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
ber_flush: 14 bytes to sd 10
daemon: shutdown requested and initiated.
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10
slapd shutdown: waiting for 0 threads to terminate
slapd shutdown: initiated
> bdb_cache_release_all
slapd shutdown: freeing system resources.
slapd stopped.
Slapd.conf:
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world r
RE: Using Digested Passwords and DIGEST Authentication at the sam e time.
Hi, Thank you for posting this fine explanation and solution so that others may learn. It always makes my day when people figure out good solutions! Now if the Red Sox win, this will truly be a great day! ;) But a good weekend to all, regardless... Yoav Shapira Millennium Research Informatics >-Original Message- >From: Shinobu Kawai [mailto:[EMAIL PROTECTED] >Sent: Friday, October 08, 2004 1:14 AM >To: Tomcat Users List >Subject: Re: Using Digested Passwords and DIGEST Authentication at the sam >e time. > >Hi Phillip, > >Thanks for the information. > >> - Not all browsers supported DIGEST authentication, so you can't gurantee >> that all clients will be able to authenticate... Internet Explorer and >> Knoqueror are two browsers that do support DIGEST authentication. Mozilla >> 1.0 claims to recognize the DIGEST request (0.9 doesn't even recognize >> this), but can't authenticate. >This is cleared, since we are using IE 6. > >> - DIGEST authentication doesn't work if the passwords are digested on the >> Tomcat side (so that they can't be read as cleartext) because of the way >> that DIGEST mechanism calculates its digest. First of all the browser >> calculates a digest of the username, the password, the URL, the HTTP >method, >> and a random string sent to it by the server. Likewise, the server >creates a >> digest to verify that the details entered by the user are correct. >However, >> as the password is already digested on the server, and thus completely >> diferent from the cleartext version entered into the browser, the two >> digests will be different, and authentication will fail... >So here's my problem. I looked further into this, and found a >solution, which I would like to share. > >First, if you take a look at the DIGEST authentication spec at > http://www.faqs.org/rfcs/rfc2617.html >You will see in section 3.2.2.2 A1, that for MD5, the hashed result >depends on username, realm and password. Which means, if I couple the >usernames with the realm, it is possible to hash the passwords stored >in the server. > >Next, I found where the A1 is being calculated in Tomcat: > RealmBase#getDigest(String username, String realmName) >If I override this method to return the hashed password, the digested >password and DIGEST authentication should work together. > >In order to test my theory, I have created a Realm that does the >above, extending MemoryRealm: > http://sylow.no- >ip.com/pub/apache/jakarta/tomcat/DigestableMemoryRealm.java >I set it in my Context using: > workDir="work\Catalina\localhost\shinobu"> > digest="MD5" pathname="conf/shinobu-users.xml" /> > > >Inside my shinobu-users.xml: > > > password="57348f05c8378963c2d52ec456f6b6fd" roles="shinobu.admin"/> > >The password is "md5a1_admin:Shinobu's domain:shinobu_admin" digested with >MD5. > >I set authentication to DIGEST in my web.xml: > > > > /admin/* > > > shinobu.admin > > > > DIGEST > Shinobu's domain > > > shinobu.admin > > > >I access http://localhost:8080/shinobu/admin/ and wholla! It works! > >Best regards, >-- Shinobu Kawai > >-- >Shinobu Kawai <[EMAIL PROTECTED]> > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using Digested Passwords and DIGEST Authentication at the sam e time.
Hi Phillip, Thanks for the information. > - Not all browsers supported DIGEST authentication, so you can't gurantee > that all clients will be able to authenticate... Internet Explorer and > Knoqueror are two browsers that do support DIGEST authentication. Mozilla > 1.0 claims to recognize the DIGEST request (0.9 doesn't even recognize > this), but can't authenticate. This is cleared, since we are using IE 6. > - DIGEST authentication doesn't work if the passwords are digested on the > Tomcat side (so that they can't be read as cleartext) because of the way > that DIGEST mechanism calculates its digest. First of all the browser > calculates a digest of the username, the password, the URL, the HTTP method, > and a random string sent to it by the server. Likewise, the server creates a > digest to verify that the details entered by the user are correct. However, > as the password is already digested on the server, and thus completely > diferent from the cleartext version entered into the browser, the two > digests will be different, and authentication will fail... So here's my problem. I looked further into this, and found a solution, which I would like to share. First, if you take a look at the DIGEST authentication spec at http://www.faqs.org/rfcs/rfc2617.html You will see in section 3.2.2.2 A1, that for MD5, the hashed result depends on username, realm and password. Which means, if I couple the usernames with the realm, it is possible to hash the passwords stored in the server. Next, I found where the A1 is being calculated in Tomcat: RealmBase#getDigest(String username, String realmName) If I override this method to return the hashed password, the digested password and DIGEST authentication should work together. In order to test my theory, I have created a Realm that does the above, extending MemoryRealm: http://sylow.no-ip.com/pub/apache/jakarta/tomcat/DigestableMemoryRealm.java I set it in my Context using: Inside my shinobu-users.xml: The password is "md5a1_admin:Shinobu's domain:shinobu_admin" digested with MD5. I set authentication to DIGEST in my web.xml: /admin/* shinobu.admin DIGEST Shinobu's domain shinobu.admin I access http://localhost:8080/shinobu/admin/ and wholla! It works! Best regards, -- Shinobu Kawai -- Shinobu Kawai <[EMAIL PROTECTED]> - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Using Digested Passwords and DIGEST Authentication at the sam e time.
As I am knew to Tomcat I will ask you to excuse my ignorance. I have just realized (and I am asking those with the necessary experience to verify this) that when you talk about "DIGEST" authentication there are really two separate and distinct forms of it: 1. Indicate to the BROWSER to digest the password before it is passed over the network. Tomcat would then extract the PLAIN TEXT password from the database, digest it using the same algorithm and copare it to the digested value that was just received from the browser. 2. Indicate to the REALM that passwords in the database are stored as hash values of the user password. Tomcat will receive the password from the browser in PLAIN TEXT - the realm will hash it and compare it to the retrieved hashed password from the database. As mentioned below, combining these two mechanisms won't work. This happens to be fine for me - we use SSL for all data transfer but we were storing passwords in plain text in the database. We'd like to store hashed values. It is now my understanding that I can continue to use BASIC authentication but simply configure the realm to expect hashed passwords in the database. That really clarifies a lot (assuming I haven't bungled it). I kept finding opposing views concerning digestion of passwords and I couldn't find any absolutes about it. What a relief to finally get some insight! Any clarification or correction of this information would be greatly appreciated before I commit it to memory. Thanks!!! -Original Message- From: Phillip Qin [mailto:[EMAIL PROTECTED] Sent: Thursday, October 07, 2004 1:17 PM To: 'Tomcat Users List' Subject: RE: Using Digested Passwords and DIGEST Authentication at the sam e time. I don't think MD5+DIGEST will work. Take a look at any subclass of RealmBase. Realm has nothing to do with web.xml attribute . In the authenticate method, Realm checks hasMessageDigest() - value of Realm digest=. If hasMessageDigest, in your case =MD5, Realm digests the password and compare it with the value stored in database. -Original Message- From: Shinobu Kawai [mailto:[EMAIL PROTECTED] Sent: October 7, 2004 12:51 PM To: Tomcat Users List Subject: Re: Using Digested Passwords and DIGEST Authentication at the sam e time. Hi Phillip, > Have you tried it based on the howto? Yep. Here's what I tried: (All with o.a.c.r.MemoryRealm) clear text + BASIC -> works! clear text + DIGEST -> works! MD5 digest + BASIC -> works! SHA digest + BASIC -> works! MD5 digest + DIGEST -> doesn't work! SHA digest + DIGEST -> doesn't work! Strangely, if I enter the digested password, it passes. Best regards, -- Shinobu Kawai -- Shinobu Kawai <[EMAIL PROTECTED]> - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] !DSPAM:416573fa311026568999013! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Using Digested Passwords and DIGEST Authentication at the sam e time.
It's interesting you know. I read a book called "Professional Apache Tomcat" published by Worx. In Chapter 16 Tomcat Security, the author says - Not all browsers supported DIGEST authentication, so you can't gurantee that all clients will be able to authenticate... Internet Explorer and Knoqueror are two browsers that do support DIGEST authentication. Mozilla 1.0 claims to recognize the DIGEST request (0.9 doesn't even recognize this), but can't authenticate. - DIGEST authentication doesn't work if the passwords are digested on the Tomcat side (so that they can't be read as cleartext) because of the way that DIGEST mechanism calculates its digest. First of all the browser calculates a digest of the username, the password, the URL, the HTTP method, and a random string sent to it by the server. Likewise, the server creates a digest to verify that the details entered by the user are correct. However, as the password is already digested on the server, and thus completely diferent from the cleartext version entered into the browser, the two digests will be different, and authentication will fail... -Original Message- From: Phillip Qin [mailto:[EMAIL PROTECTED] Sent: October 7, 2004 1:17 PM To: 'Tomcat Users List' Subject: RE: Using Digested Passwords and DIGEST Authentication at the sam e time. I don't think MD5+DIGEST will work. Take a look at any subclass of RealmBase. Realm has nothing to do with web.xml attribute . In the authenticate method, Realm checks hasMessageDigest() - value of Realm digest=. If hasMessageDigest, in your case =MD5, Realm digests the password and compare it with the value stored in database. -Original Message- From: Shinobu Kawai [mailto:[EMAIL PROTECTED] Sent: October 7, 2004 12:51 PM To: Tomcat Users List Subject: Re: Using Digested Passwords and DIGEST Authentication at the sam e time. Hi Phillip, > Have you tried it based on the howto? Yep. Here's what I tried: (All with o.a.c.r.MemoryRealm) clear text + BASIC -> works! clear text + DIGEST -> works! MD5 digest + BASIC -> works! SHA digest + BASIC -> works! MD5 digest + DIGEST -> doesn't work! SHA digest + DIGEST -> doesn't work! Strangely, if I enter the digested password, it passes. Best regards, -- Shinobu Kawai -- Shinobu Kawai <[EMAIL PROTECTED]> - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] !DSPAM:41657a1d315521660274146!
RE: Using Digested Passwords and DIGEST Authentication at the sam e time.
I don't think MD5+DIGEST will work. Take a look at any subclass of RealmBase. Realm has nothing to do with web.xml attribute . In the authenticate method, Realm checks hasMessageDigest() - value of Realm digest=. If hasMessageDigest, in your case =MD5, Realm digests the password and compare it with the value stored in database. -Original Message- From: Shinobu Kawai [mailto:[EMAIL PROTECTED] Sent: October 7, 2004 12:51 PM To: Tomcat Users List Subject: Re: Using Digested Passwords and DIGEST Authentication at the sam e time. Hi Phillip, > Have you tried it based on the howto? Yep. Here's what I tried: (All with o.a.c.r.MemoryRealm) clear text + BASIC -> works! clear text + DIGEST -> works! MD5 digest + BASIC -> works! SHA digest + BASIC -> works! MD5 digest + DIGEST -> doesn't work! SHA digest + DIGEST -> doesn't work! Strangely, if I enter the digested password, it passes. Best regards, -- Shinobu Kawai -- Shinobu Kawai <[EMAIL PROTECTED]> - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] !DSPAM:416573fa311026568999013!
Re: Using Digested Passwords and DIGEST Authentication at the sam e time.
Hi Phillip, > Have you tried it based on the howto? Yep. Here's what I tried: (All with o.a.c.r.MemoryRealm) clear text + BASIC -> works! clear text + DIGEST -> works! MD5 digest + BASIC -> works! SHA digest + BASIC -> works! MD5 digest + DIGEST -> doesn't work! SHA digest + DIGEST -> doesn't work! Strangely, if I enter the digested password, it passes. Best regards, -- Shinobu Kawai -- Shinobu Kawai <[EMAIL PROTECTED]> - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Using Digested Passwords and DIGEST Authentication at the sam e time.
Have you tried it based on the howto? -Original Message- From: Shinobu Kawai [mailto:[EMAIL PROTECTED] Sent: October 7, 2004 12:01 PM To: [EMAIL PROTECTED] Subject: Using Digested Passwords and DIGEST Authentication at the same time. Hi all, I'm looking for a way to use Digested Passwords as in http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html and DIGEST Authentication at the same time. I have found relative questions/threads in the list: http://www.mail-archive.com/[EMAIL PROTECTED]/msg97135.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg90244.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg88409.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg79660.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg79525.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg72288.html But none of them has a solution. Any idea's before I start hacking Tomcat? TYI Best regards, -- Shinobu Kawai -- Shinobu Kawai <[EMAIL PROTECTED]> - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] !DSPAM:41656842305042134720186!
Using Digested Passwords and DIGEST Authentication at the same time.
Hi all, I'm looking for a way to use Digested Passwords as in http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html and DIGEST Authentication at the same time. I have found relative questions/threads in the list: http://www.mail-archive.com/[EMAIL PROTECTED]/msg97135.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg90244.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg88409.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg79660.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg79525.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg72288.html But none of them has a solution. Any idea's before I start hacking Tomcat? TYI Best regards, -- Shinobu Kawai -- Shinobu Kawai <[EMAIL PROTECTED]> - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: DIGEST Authentication in Tomcat 4 vs Tomcat 5
There have been a few issues (see the change log at http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-4.0/catalina/src/share/org/apac he/catalina/authenticator/DigestAuthenticator.java for details) but these have been fixed in both TC4 and TC5. The latest TC4 release (4.1.30) does not contain these fixes - hopefully there will be a 4.1.31 release soon. However, you should update to TC5 if you can as it is now the main focus of development effort. Mark > -Original Message- > From: Anderson, M. Paul [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 05, 2004 11:30 PM > To: 'Tomcat Users List' > Subject: DIGEST Authentication in Tomcat 4 vs Tomcat 5 > > Can anyone point me to information concerning whether or not DIGEST > authentication works in Tomcat 4 and/or Tomcat 5? I have only found > conflicting information on the web as well as in several > books. Is there a > tutorial out there somewhere that would help me set this up? > I have seen > comments such as "Container managed digest authentication is broken in > almost all of Tomcat 4.1's realm implementations." Is this > true? Have they > been fixed in 5? > > Thanks a million! > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Authentication Mechanisms
For a single webapp with a database, I have used md5 hashes. I believe MySQL does the same for its users table. If you have a whole suite of applications that you know you would like to tie into I like authentication to be taken care of by a separate web-app. Hope this helps. R -Original Message- From: Anderson, M. Paul [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 06, 2004 12:00 PM To: 'Tomcat Users List' Subject: Authentication Mechanisms What mechanisms do you developers typically use for preventing unauthorized access to a web application? I'm trying to determine the best approach for my web app. Here are the basic guidelines I need to follow: 1. We must limit access to the site to registered users. 2. We currently use BASIC authentication. 3. We currently store passwords in a database in plain text but we now wish to encrypt them. 4. I was leaning towards using DIGEST authentication but am not convinced it works correctly based on various articles/books I've seen. Do you recommend any other approaches? Eventually we will be moving towards a salted-hash scheme for encryption but we were hoping we could stand up a site using DIGEST to provide some basic initial encryption before moving to the stronger scheme. Any advice would be appreciated. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication Mechanisms
On Wed, 2004-10-06 at 11:59, Anderson, M. Paul wrote: > 3. We currently store passwords in a database in plain text but we now wish > to encrypt them. If you look at the underlying code for the web mail client for yahoo.com for example, you will find a small amount of JavaScript that encrypts the password on the client side before it is sent to the server. The last time I tracked the original source that Yahoo is using, the author had released the encryption code for people to use. The site work I'm currently doing will use similar code. Hope that helps... Bob - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Authentication Mechanisms
What mechanisms do you developers typically use for preventing unauthorized access to a web application? I'm trying to determine the best approach for my web app. Here are the basic guidelines I need to follow: 1. We must limit access to the site to registered users. 2. We currently use BASIC authentication. 3. We currently store passwords in a database in plain text but we now wish to encrypt them. 4. I was leaning towards using DIGEST authentication but am not convinced it works correctly based on various articles/books I've seen. Do you recommend any other approaches? Eventually we will be moving towards a salted-hash scheme for encryption but we were hoping we could stand up a site using DIGEST to provide some basic initial encryption before moving to the stronger scheme. Any advice would be appreciated.
RE: DIGEST Authentication in Tomcat 4 vs Tomcat 5
Hi, AFAIK, Digested passwords work just fine in both the Memory and JDBC Realms. I haven't tried it with a JNDI, LDAP, or JAAS Realm. The doc page for Realms is at http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#Digeste d%20Passwords. This is for Tomcat 5, I haven't done tested it for 4.x (you should upgrade to 5 anyways if possible for you). Yoav Shapira Millennium Research Informatics >-Original Message- >From: Anderson, M. Paul [mailto:[EMAIL PROTECTED] >Sent: Tuesday, October 05, 2004 6:30 PM >To: 'Tomcat Users List' >Subject: DIGEST Authentication in Tomcat 4 vs Tomcat 5 > >Can anyone point me to information concerning whether or not DIGEST >authentication works in Tomcat 4 and/or Tomcat 5? I have only found >conflicting information on the web as well as in several books. Is there a >tutorial out there somewhere that would help me set this up? I have seen >comments such as "Container managed digest authentication is broken in >almost all of Tomcat 4.1's realm implementations." Is this true? Have >they >been fixed in 5? > >Thanks a million! > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DIGEST Authentication in Tomcat 4 vs Tomcat 5
Can anyone point me to information concerning whether or not DIGEST authentication works in Tomcat 4 and/or Tomcat 5? I have only found conflicting information on the web as well as in several books. Is there a tutorial out there somewhere that would help me set this up? I have seen comments such as "Container managed digest authentication is broken in almost all of Tomcat 4.1's realm implementations." Is this true? Have they been fixed in 5? Thanks a million! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: type in twice for basic authentication???
You should definitely try 4.1.30 (or 5.0.27). There were a bunch of fixes between 4.1.29 and 4.1.30 to the JDBC realm. There is a good chance that the behaviour you see is related to bug 11929. Mark > -Original Message- > From: Shapira, Yoav [mailto:[EMAIL PROTECTED] > Sent: Monday, October 04, 2004 2:12 PM > To: Tomcat Users List > Subject: RE: type in twice for basic authentication??? > > > Hi, > Does 4.1.30 behave better? Or 5.0.27? > > (5.0.28 has http://issues.apache.org/bugzilla/show_bug.cgi?id=31372 > which might affect this use-case) > > Yoav Shapira > Millennium Research Informatics > > > >-Original Message- > >From: Stephen Charles Huey [mailto:[EMAIL PROTECTED] > >Sent: Monday, October 04, 2004 1:59 AM > >To: Tomcat Users List > >Subject: RE: type in twice for basic authentication??? > > > >Tomcat 4.1.27 -- please help! > > > > > >- Original message - > >From: "Mark Thomas" <[EMAIL PROTECTED]> > >To: "'Tomcat Users List'" <[EMAIL PROTECTED]> > >Date: Sat, 2 Oct 2004 10:03:49 +0100 > >Subject: RE: type in twice for basic authentication??? > > > >What version of tomcat? > > > >> -Original Message- > >> From: Stephen Charles Huey [mailto:[EMAIL PROTECTED] > >> Sent: Friday, October 01, 2004 11:38 PM > >> To: Tomcat Users List > >> Subject: Re: type in twice for basic authentication??? > >> > >> Yeah, I need some major help on this to figure out what's > >> going on! We > >> have a Windows version and a Linux version of the database. I just > >> changed my DSN over to the Linux one, and now it pops up 4 > >> times!!! No, > >> wait...sometimes it still logs you in just after 2 times, and > >> sometimes > >> it takes as many as 6! Also, sometimes when browsing the > >> site, it makes > >> you log in again in places where it didn't used to. > >> > >> You see, we have a main database that drives our web app, but > >> we've been > >> using a MySQL db to authenticate, and we'd like to get rid of > >> that so we > >> can just deal with one database. However, our main database > >> is behaving > >> strangely. Now, when clicking over to some of the other > JSPs in the > >> site, it will pop up and ask for the username and password in > >> places it > >> didn't used to do that (and no, it shouldn't be changing > contexts or > >> anything like that). > >> > >> > >> > >> - Original message - > >> From: "Stephen Charles Huey" <[EMAIL PROTECTED]> > >> To: "Tomcat User" <[EMAIL PROTECTED]> > >> Date: Fri, 01 Oct 2004 17:10:32 -0500 > >> Subject: type in twice for basic authentication??? > >> > >> When my web app pops up a basic authentication box, I type in the > >> username and password, and then it bounces back with blank > text boxes > >> asking for it again. Every time when I type them in a > second time it > >> then lets me in! What's going on? Here's what I have in my > >> server.xml: > >> > >> > >> >> driverName="sun.jdbc.odbc.JdbcOdbcDriver" > >> connectionURL="jdbc:odbc:dbname" > >> userTable="users" userNameCol="userid" userCredCol="password" > >> userRoleTable="roles" roleNameCol="role" /> > >> > >> > - > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> For additional commands, e-mail: > [EMAIL PROTECTED] > >> > >> > >> > - > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> For additional commands, e-mail: > [EMAIL PROTECTED] > >> > > > > > > > >- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > >- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > This e-mail, including any attachments, is a confidential > business communication, and may contain information that is > confidential, proprietary and/or privileged. This e-mail is > intended only for the individual(s) to whom it is addressed, > and may not be saved, copied, printed, disclosed or used by > anyone else. If you are not the(an) intended recipient, > please immediately delete this e-mail from your computer > system and notify the sender. Thank you. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
basic authentication
Anybody have a clue as to why my basic authentication box would keep coming back at me 2-6 times before letting me in, even though I'm typing the correct username and password every single time? This is Tomcat 4.1.27 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
realms: authentication against a web service?
Is this possible? I have to investigate the possibility of integrating two systems, where users authenticate themselves against our webapp, and the webapp checks their credentials against a web service in the background.. Do I have to make my own JAAS realm, which in turn authenticates against a web service? Or are there libraries that eases this integration? Although I am a fairly competent java-developer, I have never developed against a web services before, so if this is fairly easy, please bear with me, and point me in the right direction. :-) Hope someone can help... Thanks -- \ Olve S. Hansen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: type in twice for basic authentication???
Hi, Does 4.1.30 behave better? Or 5.0.27? (5.0.28 has http://issues.apache.org/bugzilla/show_bug.cgi?id=31372 which might affect this use-case) Yoav Shapira Millennium Research Informatics >-Original Message- >From: Stephen Charles Huey [mailto:[EMAIL PROTECTED] >Sent: Monday, October 04, 2004 1:59 AM >To: Tomcat Users List >Subject: RE: type in twice for basic authentication??? > >Tomcat 4.1.27 -- please help! > > >- Original message - >From: "Mark Thomas" <[EMAIL PROTECTED]> >To: "'Tomcat Users List'" <[EMAIL PROTECTED]> >Date: Sat, 2 Oct 2004 10:03:49 +0100 >Subject: RE: type in twice for basic authentication??? > >What version of tomcat? > >> -Original Message- >> From: Stephen Charles Huey [mailto:[EMAIL PROTECTED] >> Sent: Friday, October 01, 2004 11:38 PM >> To: Tomcat Users List >> Subject: Re: type in twice for basic authentication??? >> >> Yeah, I need some major help on this to figure out what's >> going on! We >> have a Windows version and a Linux version of the database. I just >> changed my DSN over to the Linux one, and now it pops up 4 >> times!!! No, >> wait...sometimes it still logs you in just after 2 times, and >> sometimes >> it takes as many as 6! Also, sometimes when browsing the >> site, it makes >> you log in again in places where it didn't used to. >> >> You see, we have a main database that drives our web app, but >> we've been >> using a MySQL db to authenticate, and we'd like to get rid of >> that so we >> can just deal with one database. However, our main database >> is behaving >> strangely. Now, when clicking over to some of the other JSPs in the >> site, it will pop up and ask for the username and password in >> places it >> didn't used to do that (and no, it shouldn't be changing contexts or >> anything like that). >> >> >> >> - Original message - >> From: "Stephen Charles Huey" <[EMAIL PROTECTED]> >> To: "Tomcat User" <[EMAIL PROTECTED]> >> Date: Fri, 01 Oct 2004 17:10:32 -0500 >> Subject: type in twice for basic authentication??? >> >> When my web app pops up a basic authentication box, I type in the >> username and password, and then it bounces back with blank text boxes >> asking for it again. Every time when I type them in a second time it >> then lets me in! What's going on? Here's what I have in my >> server.xml: >> >> >> > driverName="sun.jdbc.odbc.JdbcOdbcDriver" >> connectionURL="jdbc:odbc:dbname" >> userTable="users" userNameCol="userid" userCredCol="password" >> userRoleTable="roles" roleNameCol="role" /> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> > > > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat Compiling Error - Form Based Authentication
I'd suggest rebuilding your appliation against java 5, and also running your tomcat with the java 5 JDK as well. Make sure that everything is happy at that level. Ta Matt -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: 04 October 2004 13:44 To: John Najarian; Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication I have to give u a bad news. What i said yesterday night was wrong. I have the same error also putting tools.jar (the JDK 1.5 ones)... so I'm in trouble again! Omar - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Omar Adobati'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 9:53 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication Hi Omar, You should install the entire new JDK. Having 1 jar file from 1 version of the JDK and all the other JAR files from another version could cause a lot of problems. I'd be surprised if it doesn't. Also, to avoid this problem and similar ones from happening you should install the same version of Tomcat on the Linux box also. Developing on 1 box and trying to deploy on another box running different versions of Tomcat & the JDK is NOT advisable. Let me know what you do. I'm interested. John -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 12:39 PM To: John Najarian Subject: Re: Tomcat Compiling Error - Form Based Authentication Exactly...just replace the old tools.jar with the new one! I'm so happy It was drive me crazy! - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Omar Adobati'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 9:31 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication YEEE HA! Good for you & glad I could help. So you didn't have to install the new jdk but used the tools.jar from the new jdk? I'd install the entire 1.5 JDK. Compiling and running other things may cause similar problems to what you just had occur. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 12:22 PM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication WOW, it works! I have tried to upload the JDK 1.5.0 tools.jar into $Tomcat-home$\commons\lib and all works! Thankyou very much for help and yur time! regards Omar (Italian happy guy!) - Original Message - From: "Omar Adobati" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 9:11 PM Subject: Re: Tomcat Compiling Error - Form Based Authentication >I hope you've right. > Tomorrow i'll do it and write here if it works... > > thx a lot > > - Original Message - > From: "John Najarian" <[EMAIL PROTECTED]> > To: "'Tomcat Users List'" <[EMAIL PROTECTED]> > Sent: Sunday, October 03, 2004 9:07 PM > Subject: RE: Tomcat Compiling Error - Form Based Authentication > > > Omar, this may be the problem & my hunch is that it is. You've built & > run > code against never version of tomcat, jdk, jre... It could be there is 1 > or > more things that work/compile... with these newer versions that aren't > backward compatible. It maybe the tools.jar files aren't compatible. > > If you can get jdk 1.5 and tomcat 5.28 for Linux download, install them > and > rebuild your app. > > -Original Message- > From: Omar Adobati [mailto:[EMAIL PROTECTED] > Sent: Sunday, October 03, 2004 11:50 AM > To: Tomcat Users List > Subject: Re: Tomcat Compiling Error - Form Based Authentication > > On the windows box I'm using: > - Tomcat 5.0.28 > - JDK & jre: 1.5.0 beta > > every help is wellcome! > > - Original Message - > From: "John Najarian" <[EMAIL PROTECTED]> > To: "'Tomcat Users List'" <[EMAIL PROTECTED]> > Sent: Sunday, October 03, 2004 8:45 PM > Subject: RE: Tomcat Compiling Error - Form Based Authentication > > > You're still using the app on a Windows XP machine right? > What version of Tomcat, jdk & jre are on that box? > > You may want to upgrade the jre/plugin to 1.4.2_05. I'm not sure if this > will fix your problem but it won't hurt or take much time. > > -Original Message- > From: Omar Adobati [mailto:[EMAIL PROTECTED] > Sent: Sunday, October 03, 2004 11:25 AM > To: Tomcat Users List > Subject: Re: Tomcat Compiling Error - Form Based Authentication > > Tomcat: 5.0.18 > JDK & jre: 1.4.2 > O.S.: Linux > > ther's anything wrong? > > -
Re: Tomcat Compiling Error - Form Based Authentication
I have to give u a bad news. What i said yesterday night was wrong. I have the same error also putting tools.jar (the JDK 1.5 ones)... so I'm in trouble again! Omar - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Omar Adobati'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 9:53 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication Hi Omar, You should install the entire new JDK. Having 1 jar file from 1 version of the JDK and all the other JAR files from another version could cause a lot of problems. I'd be surprised if it doesn't. Also, to avoid this problem and similar ones from happening you should install the same version of Tomcat on the Linux box also. Developing on 1 box and trying to deploy on another box running different versions of Tomcat & the JDK is NOT advisable. Let me know what you do. I'm interested. John -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 12:39 PM To: John Najarian Subject: Re: Tomcat Compiling Error - Form Based Authentication Exactly...just replace the old tools.jar with the new one! I'm so happy It was drive me crazy! - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Omar Adobati'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 9:31 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication YEEE HA! Good for you & glad I could help. So you didn't have to install the new jdk but used the tools.jar from the new jdk? I'd install the entire 1.5 JDK. Compiling and running other things may cause similar problems to what you just had occur. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 12:22 PM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication WOW, it works! I have tried to upload the JDK 1.5.0 tools.jar into $Tomcat-home$\commons\lib and all works! Thankyou very much for help and yur time! regards Omar (Italian happy guy!) - Original Message - From: "Omar Adobati" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 9:11 PM Subject: Re: Tomcat Compiling Error - Form Based Authentication I hope you've right. Tomorrow i'll do it and write here if it works... thx a lot - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 9:07 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication Omar, this may be the problem & my hunch is that it is. You've built & run code against never version of tomcat, jdk, jre... It could be there is 1 or more things that work/compile... with these newer versions that aren't backward compatible. It maybe the tools.jar files aren't compatible. If you can get jdk 1.5 and tomcat 5.28 for Linux download, install them and rebuild your app. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 11:50 AM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication On the windows box I'm using: - Tomcat 5.0.28 - JDK & jre: 1.5.0 beta every help is wellcome! - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 8:45 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication You're still using the app on a Windows XP machine right? What version of Tomcat, jdk & jre are on that box? You may want to upgrade the jre/plugin to 1.4.2_05. I'm not sure if this will fix your problem but it won't hurt or take much time. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 11:25 AM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication Tomcat: 5.0.18 JDK & jre: 1.4.2 O.S.: Linux ther's anything wrong? - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 8:07 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication This may be an 'out there' question for your problem but which versions Of Tomcat, jdk & jre are you using? I could be that you've got a mismatch. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 10:24 AM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication I don't think it was a permission problem on the webapps application 'couse a
Access the "org.apache.catalina.authenticator.REQUEST" note (get the requested page before the authentication form)
Hi!! I use Tomcat 4.1 within JBoss 3.2.3 and JAAS. I need to know the page requested before the authentication take the control of the view. I find that information in the StandardSession's note "org.apache.catalina.authenticator.REQUEST". How can i read it?! request.getSession() is a StandardSessionFacade with the "session" field (that have the public getNotes()) unaccessible... :( Any idea?! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: type in twice for basic authentication???
Tomcat 4.1.27 -- please help! - Original message - From: "Mark Thomas" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Date: Sat, 2 Oct 2004 10:03:49 +0100 Subject: RE: type in twice for basic authentication??? What version of tomcat? > -Original Message- > From: Stephen Charles Huey [mailto:[EMAIL PROTECTED] > Sent: Friday, October 01, 2004 11:38 PM > To: Tomcat Users List > Subject: Re: type in twice for basic authentication??? > > Yeah, I need some major help on this to figure out what's > going on! We > have a Windows version and a Linux version of the database. I just > changed my DSN over to the Linux one, and now it pops up 4 > times!!! No, > wait...sometimes it still logs you in just after 2 times, and > sometimes > it takes as many as 6! Also, sometimes when browsing the > site, it makes > you log in again in places where it didn't used to. > > You see, we have a main database that drives our web app, but > we've been > using a MySQL db to authenticate, and we'd like to get rid of > that so we > can just deal with one database. However, our main database > is behaving > strangely. Now, when clicking over to some of the other JSPs in the > site, it will pop up and ask for the username and password in > places it > didn't used to do that (and no, it shouldn't be changing contexts or > anything like that). > > > > - Original message - > From: "Stephen Charles Huey" <[EMAIL PROTECTED]> > To: "Tomcat User" <[EMAIL PROTECTED]> > Date: Fri, 01 Oct 2004 17:10:32 -0500 > Subject: type in twice for basic authentication??? > > When my web app pops up a basic authentication box, I type in the > username and password, and then it bounces back with blank text boxes > asking for it again. Every time when I type them in a second time it > then lets me in! What's going on? Here's what I have in my > server.xml: > > > driverName="sun.jdbc.odbc.JdbcOdbcDriver" > connectionURL="jdbc:odbc:dbname" > userTable="users" userNameCol="userid" userCredCol="password" > userRoleTable="roles" roleNameCol="role" /> > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Compiling Error - Form Based Authentication
WOW, it works! I have tried to upload the JDK 1.5.0 tools.jar into $Tomcat-home$\commons\lib and all works! Thankyou very much for help and yur time! regards Omar (Italian happy guy!) - Original Message - From: "Omar Adobati" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 9:11 PM Subject: Re: Tomcat Compiling Error - Form Based Authentication I hope you've right. Tomorrow i'll do it and write here if it works... thx a lot - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 9:07 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication Omar, this may be the problem & my hunch is that it is. You've built & run code against never version of tomcat, jdk, jre... It could be there is 1 or more things that work/compile... with these newer versions that aren't backward compatible. It maybe the tools.jar files aren't compatible. If you can get jdk 1.5 and tomcat 5.28 for Linux download, install them and rebuild your app. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 11:50 AM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication On the windows box I'm using: - Tomcat 5.0.28 - JDK & jre: 1.5.0 beta every help is wellcome! - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 8:45 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication You're still using the app on a Windows XP machine right? What version of Tomcat, jdk & jre are on that box? You may want to upgrade the jre/plugin to 1.4.2_05. I'm not sure if this will fix your problem but it won't hurt or take much time. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 11:25 AM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication Tomcat: 5.0.18 JDK & jre: 1.4.2 O.S.: Linux ther's anything wrong? - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 8:07 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication This may be an 'out there' question for your problem but which versions Of Tomcat, jdk & jre are you using? I could be that you've got a mismatch. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 10:24 AM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication I don't think it was a permission problem on the webapps application 'couse all other still work good and have the same permissions settings as this one that gives troubles. This is the permission on tools.jar, I think it's all ok... -rwxr--r--1 root root 5092901 ott 3 16:47 tools.jar Tomcat version I'm using is the 5.0.18 Hope this help you to help me in solving this trouble! - Original Message - From: "Dale, Matt" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 7:07 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication I've run out of ideas but could this be a permissions problem? Either on the tools.jar or on the work directory for the webapp? Which version of tomcat are you running? -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: 03 October 2004 16:35 To: Tomcat Users List Subject: Tomcat Compiling Error - Form Based Authentication Sorry Matt, the log was changeing. Now it show just this instead off the error that cant compile... why? I'm still usinf form-based authentication and the webapp in a localmachine with WinXP + Tomcat worls good but gives this problem on a server with Linux RH plus Tomcat. (Tomcat is the same on thae Linux machine and on the Win one) === 3-ott-2004 17.30.19 org.apache.catalina.authenticator.FormAuthenticator authenticate AVVERTENZA: Unexpected error forwarding to login page org.apache.jasper.JasperException: Unable to load class for JSP at org.apache.jasper.JspCompilationContext.load(JspCompilationContext.java:584) at org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.jav a:177) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2 96) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:248) at javax.servlet.http.HttpSe
Re: Tomcat Compiling Error - Form Based Authentication
I hope you've right. Tomorrow i'll do it and write here if it works... thx a lot - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 9:07 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication Omar, this may be the problem & my hunch is that it is. You've built & run code against never version of tomcat, jdk, jre... It could be there is 1 or more things that work/compile... with these newer versions that aren't backward compatible. It maybe the tools.jar files aren't compatible. If you can get jdk 1.5 and tomcat 5.28 for Linux download, install them and rebuild your app. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 11:50 AM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication On the windows box I'm using: - Tomcat 5.0.28 - JDK & jre: 1.5.0 beta every help is wellcome! - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 8:45 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication You're still using the app on a Windows XP machine right? What version of Tomcat, jdk & jre are on that box? You may want to upgrade the jre/plugin to 1.4.2_05. I'm not sure if this will fix your problem but it won't hurt or take much time. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 11:25 AM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication Tomcat: 5.0.18 JDK & jre: 1.4.2 O.S.: Linux ther's anything wrong? - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 8:07 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication This may be an 'out there' question for your problem but which versions Of Tomcat, jdk & jre are you using? I could be that you've got a mismatch. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 10:24 AM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication I don't think it was a permission problem on the webapps application 'couse all other still work good and have the same permissions settings as this one that gives troubles. This is the permission on tools.jar, I think it's all ok... -rwxr--r--1 root root 5092901 ott 3 16:47 tools.jar Tomcat version I'm using is the 5.0.18 Hope this help you to help me in solving this trouble! - Original Message - From: "Dale, Matt" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 7:07 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication I've run out of ideas but could this be a permissions problem? Either on the tools.jar or on the work directory for the webapp? Which version of tomcat are you running? -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: 03 October 2004 16:35 To: Tomcat Users List Subject: Tomcat Compiling Error - Form Based Authentication Sorry Matt, the log was changeing. Now it show just this instead off the error that cant compile... why? I'm still usinf form-based authentication and the webapp in a localmachine with WinXP + Tomcat worls good but gives this problem on a server with Linux RH plus Tomcat. (Tomcat is the same on thae Linux machine and on the Win one) === 3-ott-2004 17.30.19 org.apache.catalina.authenticator.FormAuthenticator authenticate AVVERTENZA: Unexpected error forwarding to login page org.apache.jasper.JasperException: Unable to load class for JSP at org.apache.jasper.JspCompilationContext.load(JspCompilationContext.java:584) at org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.jav a:177) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2 96) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:248) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:284) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:204) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher. java:742) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDis patcher.java:506) at org.apach
RE: Tomcat Compiling Error - Form Based Authentication
Omar, this may be the problem & my hunch is that it is. You've built & run code against never version of tomcat, jdk, jre... It could be there is 1 or more things that work/compile... with these newer versions that aren't backward compatible. It maybe the tools.jar files aren't compatible. If you can get jdk 1.5 and tomcat 5.28 for Linux download, install them and rebuild your app. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 11:50 AM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication On the windows box I'm using: - Tomcat 5.0.28 - JDK & jre: 1.5.0 beta every help is wellcome! - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 8:45 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication You're still using the app on a Windows XP machine right? What version of Tomcat, jdk & jre are on that box? You may want to upgrade the jre/plugin to 1.4.2_05. I'm not sure if this will fix your problem but it won't hurt or take much time. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 11:25 AM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication Tomcat: 5.0.18 JDK & jre: 1.4.2 O.S.: Linux ther's anything wrong? - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 8:07 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication This may be an 'out there' question for your problem but which versions Of Tomcat, jdk & jre are you using? I could be that you've got a mismatch. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 10:24 AM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication I don't think it was a permission problem on the webapps application 'couse all other still work good and have the same permissions settings as this one that gives troubles. This is the permission on tools.jar, I think it's all ok... -rwxr--r--1 root root 5092901 ott 3 16:47 tools.jar Tomcat version I'm using is the 5.0.18 Hope this help you to help me in solving this trouble! - Original Message - From: "Dale, Matt" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 7:07 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication I've run out of ideas but could this be a permissions problem? Either on the tools.jar or on the work directory for the webapp? Which version of tomcat are you running? -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: 03 October 2004 16:35 To: Tomcat Users List Subject: Tomcat Compiling Error - Form Based Authentication Sorry Matt, the log was changeing. Now it show just this instead off the error that cant compile... why? I'm still usinf form-based authentication and the webapp in a localmachine with WinXP + Tomcat worls good but gives this problem on a server with Linux RH plus Tomcat. (Tomcat is the same on thae Linux machine and on the Win one) === 3-ott-2004 17.30.19 org.apache.catalina.authenticator.FormAuthenticator authenticate AVVERTENZA: Unexpected error forwarding to login page org.apache.jasper.JasperException: Unable to load class for JSP at org.apache.jasper.JspCompilationContext.load(JspCompilationContext.java:584) at org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.jav a:177) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2 96) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:248) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:284) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:204) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher. java:742) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDis patcher.java:506) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatch er.java:443) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher .java:359) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthent i
Re: Tomcat Compiling Error - Form Based Authentication
On the windows box I'm using: - Tomcat 5.0.28 - JDK & jre: 1.5.0 beta every help is wellcome! - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 8:45 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication You're still using the app on a Windows XP machine right? What version of Tomcat, jdk & jre are on that box? You may want to upgrade the jre/plugin to 1.4.2_05. I'm not sure if this will fix your problem but it won't hurt or take much time. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 11:25 AM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication Tomcat: 5.0.18 JDK & jre: 1.4.2 O.S.: Linux ther's anything wrong? - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 8:07 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication This may be an 'out there' question for your problem but which versions Of Tomcat, jdk & jre are you using? I could be that you've got a mismatch. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 10:24 AM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication I don't think it was a permission problem on the webapps application 'couse all other still work good and have the same permissions settings as this one that gives troubles. This is the permission on tools.jar, I think it's all ok... -rwxr--r--1 root root 5092901 ott 3 16:47 tools.jar Tomcat version I'm using is the 5.0.18 Hope this help you to help me in solving this trouble! - Original Message - From: "Dale, Matt" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 7:07 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication I've run out of ideas but could this be a permissions problem? Either on the tools.jar or on the work directory for the webapp? Which version of tomcat are you running? -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: 03 October 2004 16:35 To: Tomcat Users List Subject: Tomcat Compiling Error - Form Based Authentication Sorry Matt, the log was changeing. Now it show just this instead off the error that cant compile... why? I'm still usinf form-based authentication and the webapp in a localmachine with WinXP + Tomcat worls good but gives this problem on a server with Linux RH plus Tomcat. (Tomcat is the same on thae Linux machine and on the Win one) === 3-ott-2004 17.30.19 org.apache.catalina.authenticator.FormAuthenticator authenticate AVVERTENZA: Unexpected error forwarding to login page org.apache.jasper.JasperException: Unable to load class for JSP at org.apache.jasper.JspCompilationContext.load(JspCompilationContext.java:584) at org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.jav a:177) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2 96) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:248) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:284) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:204) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher. java:742) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDis patcher.java:506) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatch er.java:443) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher .java:359) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthent icator.java:259) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase .java:551) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:149) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:578) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:149) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:195 ) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:
RE: Tomcat Compiling Error - Form Based Authentication
You're still using the app on a Windows XP machine right? What version of Tomcat, jdk & jre are on that box? You may want to upgrade the jre/plugin to 1.4.2_05. I'm not sure if this will fix your problem but it won't hurt or take much time. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 11:25 AM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication Tomcat: 5.0.18 JDK & jre: 1.4.2 O.S.: Linux ther's anything wrong? - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 8:07 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication This may be an 'out there' question for your problem but which versions Of Tomcat, jdk & jre are you using? I could be that you've got a mismatch. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 10:24 AM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication I don't think it was a permission problem on the webapps application 'couse all other still work good and have the same permissions settings as this one that gives troubles. This is the permission on tools.jar, I think it's all ok... -rwxr--r--1 root root 5092901 ott 3 16:47 tools.jar Tomcat version I'm using is the 5.0.18 Hope this help you to help me in solving this trouble! - Original Message - From: "Dale, Matt" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 7:07 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication I've run out of ideas but could this be a permissions problem? Either on the tools.jar or on the work directory for the webapp? Which version of tomcat are you running? -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: 03 October 2004 16:35 To: Tomcat Users List Subject: Tomcat Compiling Error - Form Based Authentication Sorry Matt, the log was changeing. Now it show just this instead off the error that cant compile... why? I'm still usinf form-based authentication and the webapp in a localmachine with WinXP + Tomcat worls good but gives this problem on a server with Linux RH plus Tomcat. (Tomcat is the same on thae Linux machine and on the Win one) === 3-ott-2004 17.30.19 org.apache.catalina.authenticator.FormAuthenticator authenticate AVVERTENZA: Unexpected error forwarding to login page org.apache.jasper.JasperException: Unable to load class for JSP at org.apache.jasper.JspCompilationContext.load(JspCompilationContext.java:584) at org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.jav a:177) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2 96) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:248) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:284) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:204) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher. java:742) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDis patcher.java:506) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatch er.java:443) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher .java:359) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthent icator.java:259) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase .java:551) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:149) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:578) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:149) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:195 ) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:151) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164 ) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:149) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.StandardEngineVal
Re: Tomcat Compiling Error - Form Based Authentication
Tomcat: 5.0.18 JDK & jre: 1.4.2 O.S.: Linux ther's anything wrong? - Original Message - From: "John Najarian" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 8:07 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication This may be an 'out there' question for your problem but which versions Of Tomcat, jdk & jre are you using? I could be that you've got a mismatch. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 10:24 AM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication I don't think it was a permission problem on the webapps application 'couse all other still work good and have the same permissions settings as this one that gives troubles. This is the permission on tools.jar, I think it's all ok... -rwxr--r--1 root root 5092901 ott 3 16:47 tools.jar Tomcat version I'm using is the 5.0.18 Hope this help you to help me in solving this trouble! - Original Message - From: "Dale, Matt" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 7:07 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication I've run out of ideas but could this be a permissions problem? Either on the tools.jar or on the work directory for the webapp? Which version of tomcat are you running? -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: 03 October 2004 16:35 To: Tomcat Users List Subject: Tomcat Compiling Error - Form Based Authentication Sorry Matt, the log was changeing. Now it show just this instead off the error that cant compile... why? I'm still usinf form-based authentication and the webapp in a localmachine with WinXP + Tomcat worls good but gives this problem on a server with Linux RH plus Tomcat. (Tomcat is the same on thae Linux machine and on the Win one) === 3-ott-2004 17.30.19 org.apache.catalina.authenticator.FormAuthenticator authenticate AVVERTENZA: Unexpected error forwarding to login page org.apache.jasper.JasperException: Unable to load class for JSP at org.apache.jasper.JspCompilationContext.load(JspCompilationContext.java:584) at org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.jav a:177) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2 96) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:248) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:284) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:204) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher. java:742) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDis patcher.java:506) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatch er.java:443) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher .java:359) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthent icator.java:259) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase .java:551) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:149) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:578) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:149) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:195 ) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:151) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164 ) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:149) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :156) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:151) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:972) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:206) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828) at org.apache.coyote.http11.Http11Pro
RE: Tomcat Compiling Error - Form Based Authentication
This may be an 'out there' question for your problem but which versions Of Tomcat, jdk & jre are you using? I could be that you've got a mismatch. -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: Sunday, October 03, 2004 10:24 AM To: Tomcat Users List Subject: Re: Tomcat Compiling Error - Form Based Authentication I don't think it was a permission problem on the webapps application 'couse all other still work good and have the same permissions settings as this one that gives troubles. This is the permission on tools.jar, I think it's all ok... -rwxr--r--1 root root 5092901 ott 3 16:47 tools.jar Tomcat version I'm using is the 5.0.18 Hope this help you to help me in solving this trouble! - Original Message - From: "Dale, Matt" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 7:07 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication I've run out of ideas but could this be a permissions problem? Either on the tools.jar or on the work directory for the webapp? Which version of tomcat are you running? -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: 03 October 2004 16:35 To: Tomcat Users List Subject: Tomcat Compiling Error - Form Based Authentication Sorry Matt, the log was changeing. Now it show just this instead off the error that cant compile... why? I'm still usinf form-based authentication and the webapp in a localmachine with WinXP + Tomcat worls good but gives this problem on a server with Linux RH plus Tomcat. (Tomcat is the same on thae Linux machine and on the Win one) === 3-ott-2004 17.30.19 org.apache.catalina.authenticator.FormAuthenticator authenticate AVVERTENZA: Unexpected error forwarding to login page org.apache.jasper.JasperException: Unable to load class for JSP at org.apache.jasper.JspCompilationContext.load(JspCompilationContext.java:584) at org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.jav a:177) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2 96) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:248) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:284) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:204) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher. java:742) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDis patcher.java:506) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatch er.java:443) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher .java:359) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthent icator.java:259) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase .java:551) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:149) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:578) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:149) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:195 ) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:151) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164 ) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:149) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :156) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex t.java:151) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:972) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:206) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne ction(Http11Protocol.java:700) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:584) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav a:683) at java.lang.Thread.run(Thread.jav
Re: Tomcat Compiling Error - Form Based Authentication
I don't think it was a permission problem on the webapps application 'couse all other still work good and have the same permissions settings as this one that gives troubles. This is the permission on tools.jar, I think it's all ok... -rwxr--r--1 root root 5092901 ott 3 16:47 tools.jar Tomcat version I'm using is the 5.0.18 Hope this help you to help me in solving this trouble! - Original Message - From: "Dale, Matt" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Sunday, October 03, 2004 7:07 PM Subject: RE: Tomcat Compiling Error - Form Based Authentication I've run out of ideas but could this be a permissions problem? Either on the tools.jar or on the work directory for the webapp? Which version of tomcat are you running? -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: 03 October 2004 16:35 To: Tomcat Users List Subject: Tomcat Compiling Error - Form Based Authentication Sorry Matt, the log was changeing. Now it show just this instead off the error that cant compile... why? I'm still usinf form-based authentication and the webapp in a localmachine with WinXP + Tomcat worls good but gives this problem on a server with Linux RH plus Tomcat. (Tomcat is the same on thae Linux machine and on the Win one) === 3-ott-2004 17.30.19 org.apache.catalina.authenticator.FormAuthenticator authenticate AVVERTENZA: Unexpected error forwarding to login page org.apache.jasper.JasperException: Unable to load class for JSP at org.apache.jasper.JspCompilationContext.load(JspCompilationContext.java:584) at org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.java:177) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:296) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:248) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:284) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:204) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:742) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:506) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:443) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:359) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:259) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:551) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:578) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:195) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:156) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:972) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:206) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:700) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:584) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683) at java.lang.Thread.run(Thread.java:534) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --
RE: Tomcat Compiling Error - Form Based Authentication
I've run out of ideas but could this be a permissions problem? Either on the tools.jar or on the work directory for the webapp? Which version of tomcat are you running? -Original Message- From: Omar Adobati [mailto:[EMAIL PROTECTED] Sent: 03 October 2004 16:35 To: Tomcat Users List Subject: Tomcat Compiling Error - Form Based Authentication Sorry Matt, the log was changeing. Now it show just this instead off the error that cant compile... why? I'm still usinf form-based authentication and the webapp in a localmachine with WinXP + Tomcat worls good but gives this problem on a server with Linux RH plus Tomcat. (Tomcat is the same on thae Linux machine and on the Win one) === 3-ott-2004 17.30.19 org.apache.catalina.authenticator.FormAuthenticator authenticate AVVERTENZA: Unexpected error forwarding to login page org.apache.jasper.JasperException: Unable to load class for JSP at org.apache.jasper.JspCompilationContext.load(JspCompilationContext.java:584) at org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.java:177) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:296) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:248) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:284) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:204) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:742) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:506) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:443) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:359) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:259) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:551) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:578) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:195) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:156) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:972) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:206) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:700) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:584) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683) at java.lang.Thread.run(Thread.java:534) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Any opinions expressed in this E-mail may be those of the individual and not necessarily the company. This E-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this E-mail in error and that any use or copying is strictly prohibited. If you have received this E-mail in error please notify the beCogent postmaster at [EMAIL PROTECTED] Unless expressly stated, opinions in this email are those of the individual sender and not beCogent Ltd. You must take full responsibility for virus checking this email and any attachments. Please note that the content of this email or any of its attachments may contain data that falls within the scope of the Data Prote
Tomcat Compiling Error - Form Based Authentication
Sorry Matt, the log was changeing. Now it show just this instead off the error that cant compile... why? I'm still usinf form-based authentication and the webapp in a localmachine with WinXP + Tomcat worls good but gives this problem on a server with Linux RH plus Tomcat. (Tomcat is the same on thae Linux machine and on the Win one) === 3-ott-2004 17.30.19 org.apache.catalina.authenticator.FormAuthenticator authenticate AVVERTENZA: Unexpected error forwarding to login page org.apache.jasper.JasperException: Unable to load class for JSP at org.apache.jasper.JspCompilationContext.load(JspCompilationContext.java:584) at org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.java:177) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:296) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:248) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:284) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:204) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:742) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:506) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:443) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:359) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:259) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:551) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:578) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:195) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:156) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:972) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:206) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:700) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:584) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683) at java.lang.Thread.run(Thread.java:534) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RE: type in twice for basic authentication???
Due to increasing levels of spam, this email address no longer receives email. To contact us, please go to http://takanomi.com/contact.php. [If you publish an ezine or newsletter to which we are subscribed, or own an affiliate program or service of which we are a member, please visit the above URL and request our updated email address.] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: type in twice for basic authentication???
What version of tomcat? > -Original Message- > From: Stephen Charles Huey [mailto:[EMAIL PROTECTED] > Sent: Friday, October 01, 2004 11:38 PM > To: Tomcat Users List > Subject: Re: type in twice for basic authentication??? > > Yeah, I need some major help on this to figure out what's > going on! We > have a Windows version and a Linux version of the database. I just > changed my DSN over to the Linux one, and now it pops up 4 > times!!! No, > wait...sometimes it still logs you in just after 2 times, and > sometimes > it takes as many as 6! Also, sometimes when browsing the > site, it makes > you log in again in places where it didn't used to. > > You see, we have a main database that drives our web app, but > we've been > using a MySQL db to authenticate, and we'd like to get rid of > that so we > can just deal with one database. However, our main database > is behaving > strangely. Now, when clicking over to some of the other JSPs in the > site, it will pop up and ask for the username and password in > places it > didn't used to do that (and no, it shouldn't be changing contexts or > anything like that). > > > > - Original message - > From: "Stephen Charles Huey" <[EMAIL PROTECTED]> > To: "Tomcat User" <[EMAIL PROTECTED]> > Date: Fri, 01 Oct 2004 17:10:32 -0500 > Subject: type in twice for basic authentication??? > > When my web app pops up a basic authentication box, I type in the > username and password, and then it bounces back with blank text boxes > asking for it again. Every time when I type them in a second time it > then lets me in! What's going on? Here's what I have in my > server.xml: > > > driverName="sun.jdbc.odbc.JdbcOdbcDriver" > connectionURL="jdbc:odbc:dbname" > userTable="users" userNameCol="userid" userCredCol="password" > userRoleTable="roles" roleNameCol="role" /> > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: type in twice for basic authentication???
Yeah, I need some major help on this to figure out what's going on! We have a Windows version and a Linux version of the database. I just changed my DSN over to the Linux one, and now it pops up 4 times!!! No, wait...sometimes it still logs you in just after 2 times, and sometimes it takes as many as 6! Also, sometimes when browsing the site, it makes you log in again in places where it didn't used to. You see, we have a main database that drives our web app, but we've been using a MySQL db to authenticate, and we'd like to get rid of that so we can just deal with one database. However, our main database is behaving strangely. Now, when clicking over to some of the other JSPs in the site, it will pop up and ask for the username and password in places it didn't used to do that (and no, it shouldn't be changing contexts or anything like that). - Original message - From: "Stephen Charles Huey" <[EMAIL PROTECTED]> To: "Tomcat User" <[EMAIL PROTECTED]> Date: Fri, 01 Oct 2004 17:10:32 -0500 Subject: type in twice for basic authentication??? When my web app pops up a basic authentication box, I type in the username and password, and then it bounces back with blank text boxes asking for it again. Every time when I type them in a second time it then lets me in! What's going on? Here's what I have in my server.xml: - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
type in twice for basic authentication???
When my web app pops up a basic authentication box, I type in the username and password, and then it bounces back with blank text boxes asking for it again. Every time when I type them in a second time it then lets me in! What's going on? Here's what I have in my server.xml: - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : User authentication in multi repositories
Hi, Yes, it's typically the object of the JAAS API. You can configure the JAASRealm and develop your login modules to access multiple LDAP services. You have to think at the rules to use to authenticate sub-group of users in corporate domain and others in other repository. -Message d'origine- De : QM [mailto:[EMAIL PROTECTED] Envoyé : mercredi 29 septembre 2004 23:52 À : Tomcat Users List Objet : Re: User authentication in multi repositories On Wed, Sep 29, 2004 at 01:50:31PM -0300, Ac?cio Furtado Costa wrote: : We would like to know, if it is possible for an application to authenticate : users in multiple LDAP Services. For instance, one sub-group of users will : authenticate on our corporate domain (Active Directory) and another : sub-group (clients, supliers) in other repository (ADAM- Active Directory : Application Mode, NDS, etc). "An application," perhaps. ;) "Tomcat's JNDI-based Realm, out of the box," likely no. This thread came up a few weeks ago. You can search the archive for details; the highlights boiled down to: sync'ing up your AD setups[1] or writing custom code. [1] = I'm not an AD expert; but I understand one offered solution involved creating some sort of "master" AD instance that delegated to the others on the backend. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: User authentication in multi repositories
On Wed, Sep 29, 2004 at 01:50:31PM -0300, Ac?cio Furtado Costa wrote: : We would like to know, if it is possible for an application to authenticate : users in multiple LDAP Services. For instance, one sub-group of users will : authenticate on our corporate domain (Active Directory) and another : sub-group (clients, supliers) in other repository (ADAM- Active Directory : Application Mode, NDS, etc). "An application," perhaps. ;) "Tomcat's JNDI-based Realm, out of the box," likely no. This thread came up a few weeks ago. You can search the archive for details; the highlights boiled down to: sync'ing up your AD setups[1] or writing custom code. [1] = I'm not an AD expert; but I understand one offered solution involved creating some sort of "master" AD instance that delegated to the others on the backend. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
User authentication in multi repositories
We would like to know, if it is possible for an application to authenticate users in multiple LDAP Services. For instance, one sub-group of users will authenticate on our corporate domain (Active Directory) and another sub-group (clients, supliers) in other repository (ADAM- Active Directory Application Mode, NDS, etc). Can anyone give us a direction to look at, or point us to some information. Thanks Acacio Furtado Costa Magnesita S/A
Re: basic authentication and custom 401 error page
Hi Ross, Simply adding an error page will not do. You need to have a servlet that will set the status of the response-page as "403" (HttpServletResponse.SC_UNAUTHORIZED) Look at the code-implementation of Security-Filter. It's good. http://sf.net/projects/securityfilter HTH Happy Hacking, Gaurav Vaish http://www.mastergaurav.org - On Fri, 24 Sep 2004 09:33:13 -0500, Angelov, Rossen <[EMAIL PROTECTED]> wrote: > Hi, > We are running our applications on Tomcat 4 and 5. On both versions we are > having problems with the basic authentication. > > The problem is that I haven't found a way to overwrite the default 401 error > page with a custom page. > If I add an error-page element in web.xml for error 401 > >401 >/err401.html > > then the username/password window is completely ignored and the err401.html > page displayed. > > I searched the archives and different forums but there are a lot of people > asking for help with similar problems without any responses. > I found two reported bugs related to that issue: 12194 and 22617 for tomcat > 3 and 4 > > I didn't find any bugs for tomcat 5 but it still not working for me. > > Any suggestions will be appreciated. > > Thanks, > Ross > > "This communication is intended solely for the addressee and is > confidential and not for third party unauthorized distribution." > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
basic authentication and custom 401 error page
Hi, We are running our applications on Tomcat 4 and 5. On both versions we are having problems with the basic authentication. The problem is that I haven't found a way to overwrite the default 401 error page with a custom page. If I add an error-page element in web.xml for error 401 401 /err401.html then the username/password window is completely ignored and the err401.html page displayed. I searched the archives and different forums but there are a lot of people asking for help with similar problems without any responses. I found two reported bugs related to that issue: 12194 and 22617 for tomcat 3 and 4 I didn't find any bugs for tomcat 5 but it still not working for me. Any suggestions will be appreciated. Thanks, Ross "This communication is intended solely for the addressee and is confidential and not for third party unauthorized distribution."
Re: Use Tomcat to access Other Directories On Server (outside of webapps/) With Authentication
On Fri, Sep 24, 2004 at 09:20:06AM -0400, Matt Mejaski wrote: : [snip re: using Apache] : Currently, in Apache, I have some Alias'es to point to other directories on : the server (i.e. Alias /MyStuff C:\MyStuff), and then, I use a .htaccess : file to control access to /MyStuff. : : Now, I was wondering if I could get rid of Apache altogether and only use : Tomcat. : : I can set up a in Tomcat for my Apache Alias'es (i.e. ), but I don't know how to control : security on that Context! You're running into brick walls because you're trying to pull Apache magic with Tomcat (really, with Java webapps). The two worlds are similar but not the same. What you're really trying to do is have a single Tomcat instance that serves/manages content from paths outside of the context. Out of the box this will not work because Java webapps are meant to be self-contained applications that can be dropped into a container in framework fashion. : In Tomcat, is there an alternative way that i can use an Alias that will : share the security of my main app if my main app uses Container Managed : Security? Directly, out-of-the-box? Not to my knowledge. The choices I see are as follows: 1/ If you're willing to write some custom code, you could map the path "/MyStuff" to a servlet (a Page Controller) that streams those non-context files to users. 2/ separate your "virtual" Apache paths into full-fledged webapps (contexts), with their own deployment descriptors (web.xml) and security constraints defined therein. Look into single sign-on to handle inter-app credentials. 3/ put all of these files into a single webapp 4/ Stick with Apache on the front end =) -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Use Tomcat to access Other Directories On Server (outside of webapps/) With Authentication
Hi all, I'm currently developing a web app, and I'm currently using Apache HTTP Server as well as Tomcat. Tomcat is my Java and JSP Servlet container. Apache HTTP Server is (obviously) a server to serve my static pages (that are changed from the Java code). Currently, in Apache, I have some Alias'es to point to other directories on the server (i.e. Alias /MyStuff C:\MyStuff), and then, I use a .htaccess file to control access to /MyStuff. Now, I was wondering if I could get rid of Apache altogether and only use Tomcat. I can set up a in Tomcat for my Apache Alias'es (i.e. ), but I don't know how to control security on that Context! I want to start using Container Security (i.e. like in the Servlet specs), but this means i can only use container security for those 'alias' Contexts if I put a web.xml in a WEB-INF subfolder, which I don't really want to do In Tomcat, is there an alternative way that i can use an Alias that will share the security of my main app if my main app uses Container Managed Security? Oh -- right now I'm using Tomcat 4.1.18, but if necessary I can upgrade. Hopefully someone can help. =) Thanks, Matt - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DIGEST Authentication question
Hi guys. I'm having trouble setting up DIGEST authentication for single webapp in Tomcat 5.0.27. does anyone have done it successfully I'd appreciate some guidance in this area Alex
which jar files help accomplish JNDI/LDAP/ADS authentication in 4.1.12
I have a configuration of tomcat 4.1.17 which uses a JNDI realm to authenticate to Active Directory Server. It works well. Unfortunately, I must accomplish the same thing in a configuration of Tomcat 4.1.12 in order to be in step with a vendor supplied tool. 4.1.12 is not able to accomplish this particular goal due to a problem in the way it issues an error message inappropriately "javax.naming.PartialResultException" and then fails to authenticate. I would like to know which jar files I need to copy from my tomcat 4.1.17 to replace in my 4.1.12 in order to accomplish the JNDI/LDAP processing. I've already copied the common/lib/jndi.jar and common/lib/naming-factory.jar and they haven't been enough to fix the problem. I need to move as little as possible so as to maintain the 4.1.12 integrity for my vendor supplied tool. Any suggestions would be so appreciated. Thanks, [EMAIL PROTECTED]
Re: [SOLVED] basic FORM-based authentication failing
Awful typo... works much better when j_user_name is spelled j_username Issue resolved. Thanks. fb. Quoting Fred Blaise <[EMAIL PROTECTED]>: > Hello all > > I have been trying to set up FORM based authentication, but it only works > half-way. > When I try to get to the protected resource, it sends me to the login page: > good. > If I authenticate incorrectly, then it sends me to the login error page: > good. > If I authenticate _correctly_, it also sends me to the login error page: bad. > > I have been reading at jakarta.apache.org, and in JSP & Servlets cookbook, > and I > don't know what I am doing wrong. Please find the config files below. My form > uses the j_user_name, j_password and so forth. I have reloaded the app and > restarted tomcat. > > Thank you for any help/pointers... > > fb. > > --tomcat-users.xml (truncated...) > > --end tomcat-users.xml > > --web.xml > > > PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" >"http://java.sun.com/dtd/web-app_2_3.dtd";> > > > > > > > > Client login > /clients/index.jsp > GET > POST > > > > clients > > > > CONFIDENTIAL > > > > > > FORM > > > > /login.jsp > /loginError.jsp > > > > > > > clients > > > > --end web.xml > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
basic FORM-based authentication failing
Hello all I have been trying to set up FORM based authentication, but it only works half-way. When I try to get to the protected resource, it sends me to the login page: good. If I authenticate incorrectly, then it sends me to the login error page: good. If I authenticate _correctly_, it also sends me to the login error page: bad. I have been reading at jakarta.apache.org, and in JSP & Servlets cookbook, and I don't know what I am doing wrong. Please find the config files below. My form uses the j_user_name, j_password and so forth. I have reloaded the app and restarted tomcat. Thank you for any help/pointers... fb. --tomcat-users.xml (truncated...) --end tomcat-users.xml --web.xml http://java.sun.com/dtd/web-app_2_3.dtd";> Client login /clients/index.jsp GET POST clients CONFIDENTIAL FORM /login.jsp /loginError.jsp clients --end web.xml - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Bug in Form Based Authentication? (v5.0.25)
I through I'd try re-explaining an issue I didn't get an answer on before. Hopefully this is clearer! I've deployed two apps to a single instance of Tomcat v5.0.25. Both apps are deployed as the default app for their respective domains (i.e. ) The app deployed to www.mydomain.com does not use authentication. The second app deployed to a subdomain of www.mydomain.com (i.e. dev.mydomain.com) is deployed with FORM based authentication. Tomcat correctly presents the login page when an attempt to access a protected URI is made with the second app. Unfortunately after submitting the login form, Tomcat returns a 404 response and a blank page. I believe the backing realm and protected resource URIs are correct because redeploying the second web app with BASIC authentication results in the expected behaviour...dialog box pops up requiring login when the same protected URI is accessed and upon successful login, the desired page is rendered. I do not see any error messages in any of the log files or the console when the app is deployed with FORM based authentication. The same web app deployed to a "localhost" host with an explicit context path (i.e. ) works correctly with FORM based authentication. If anyone can atleast let me know how to troubleshoot (if not solve) this it would be greatly appreciated (I've now spent 1 week on this). Thanks in advance, Jon - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Customizing BASIC authentication
For example, Spec 2.3 specifies The getRemoteUser method returns the user name the client used for authentication. If no user has been authenticated, the getRemoteUser method returns null. getRemoteUser(): ... Whether the user name is sent with each subsequent request depends on the browser and type of authentication. -Message d'origine- De : Robert Bateman [mailto:[EMAIL PROTECTED] Envoyé : lundi 16 août 2004 20:42 À : Tomcat Users List Objet : Re: Customizing BASIC authentication Someone please correct me if I'm wrong here... Also be aware that non-protected pages will not provide you with a value to request.getRemoteUser(). I had assumed I could get the remote user from any page once the user logged in, but it doesn't work as I expected. I believe there *was* a bug report over on the TC bugzilla system and the response I remember was that the system was working as designed. Bob On Saturday 14 August 2004 12:13 am, Jacob Kjome wrote: > You can use request.getRemoteUser() to obtain the username. The password > is not really accessible except by examining the http headers. > > Jake > > At 11:21 PM 8/13/2004 -0400, you wrote: > >Hi all, > > > >I've been spending the last few hours reading about realms, > >valves, authenticators and the like, and I'm totally confused. > >I'm hoping if I describe my situation, someone can help me > >cut through the fog. > > > >I'm working on a simple web app that will feed custom RSS XML > >to clients that must use basic authentication. In my application, > >I need to do more than just look up users somewhere. Instead, the > >login/password values returned via basic authentication headers will be > > used in some fairly complex ways to both authenticate and then > >construct the custom response. > > > >What is the simplest way to customize basic authentication > >in Tomcat 4? It seems that realms are not the way to go, since > >they just handle authentication and have nothing to do with the > >request/response. Valves/authenticators seem like overkill. Form > >based authentication is not an option. > > > >Can I have Tomcat manage basic authentication headers but pass > >the login/password values to my code? And can I then have access > >to that information in the servlet that creates the response? > > > >Many thanks, > > > >Fred > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Form based authentication - "last login"
On Fri, Sep 03, 2004 at 10:08:59AM +0200, [EMAIL PROTECTED] wrote: : IMHO the best sollution would be to intercept the authentication process (I'm working with Tomcat 4.x), to smuggle some custom code there that updates the appropriate column in the database. The question is.. how can I do this?? Or maybe someone has a better idea how to do this?? There are several ways to do this, I'm sure. My preferred method: map a Filter to the protected area(s) that checks for the presence of some session object. If the object isn't there, the person has just logged in, so you record the timestamp and store the object. Otherwise, the person's already logged in and the filter can pass the request/response down the chain. The marker object needn't be anything special: a simple Boolean will do, if you don't store any other objects for users who are logged in. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Form based authentication - "last login"
Hi All, I'm supposed to record the last login timestamp. IMHO the best sollution would be to intercept the authentication process (I'm working with Tomcat 4.x), to smuggle some custom code there that updates the appropriate column in the database. The question is.. how can I do this?? Or maybe someone has a better idea how to do this?? Thanx in advance for your suggestions Chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
404 response form authentication problem
I have a login form that works fine in my local development environment with a single webapp deployed to the default localhost "host". However, in a hosted environment with multiple "host"s defined in my server.xml Tomcat returns a 404 response and a blank page. The html form follows the servlet spec definition, the application deploys successfully in (confirmed via log files), and I'm successfully redirected to my login page when trying to access a protected resource. I have cookies enabled in my browser and I see that a call to request.isRequestedSessionIdFromCookie() = true in my log files. If I change the web.xml's element from FORM to BASIC, I get challenged for a login and then successfully redirected. I'm at a loss for why this isn't working any help/thoughts are greatly appreciated! I've defined a host in the server.xml that uses a sub-domain. I also have another host running on the same Tomcat instance - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Accessing LDAP after authentication
OK, thanks. I was reaching that conclusion. Thanks for the confirmation. Dave -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 10:05 AM To: Tomcat Users List Subject: Re: Accessing LDAP after authentication You'll need to connect to LDAP via JNDI to get the other user attributes. JNDIRealm only knows how to authenticate and authorize, not user information retrieval. To get the user name - request.getRemoteUser() or request.getUserPrincipal() should give you enough information to perform your ldap lookups. -Tim Dave Bender wrote: > I've gotten a JndiRealm working with Tomcat to authenticate users from our > LDAP directory and allow them access to various parts of our web application > based on groups and roles. That works slick as snot. Now I'd like to pluck > a few more tidbits from our LDAP database -- email address, first name, last > name. Things like that. > > Is it possible to transparently access the JndiRealm from a JSP or servlet, > or do I need to make an explicit connection using the InitialContext? It > seems like Tomcat's already made and is managing a connection to the LDAP > server, so my app running inside of it shouldn't have to. Can I do that? > > Dave > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Accessing LDAP after authentication
You'll need to connect to LDAP via JNDI to get the other user attributes. JNDIRealm only knows how to authenticate and authorize, not user information retrieval. To get the user name - request.getRemoteUser() or request.getUserPrincipal() should give you enough information to perform your ldap lookups. -Tim Dave Bender wrote: I've gotten a JndiRealm working with Tomcat to authenticate users from our LDAP directory and allow them access to various parts of our web application based on groups and roles. That works slick as snot. Now I'd like to pluck a few more tidbits from our LDAP database -- email address, first name, last name. Things like that. Is it possible to transparently access the JndiRealm from a JSP or servlet, or do I need to make an explicit connection using the InitialContext? It seems like Tomcat's already made and is managing a connection to the LDAP server, so my app running inside of it shouldn't have to. Can I do that? Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Accessing LDAP after authentication
I've gotten a JndiRealm working with Tomcat to authenticate users from our LDAP directory and allow them access to various parts of our web application based on groups and roles. That works slick as snot. Now I'd like to pluck a few more tidbits from our LDAP database -- email address, first name, last name. Things like that. Is it possible to transparently access the JndiRealm from a JSP or servlet, or do I need to make an explicit connection using the InitialContext? It seems like Tomcat's already made and is managing a connection to the LDAP server, so my app running inside of it shouldn't have to. Can I do that? Dave
Re: customized error pages in certificate-client authentication
RTFM. web.xml has ways to do this based on the HTTP error code yours would be the 404 HTTP error code Luis Urueña Frías escribió: Hi! I'm developing a java webapp over Tomcat 4.2, with client certificate authentication. Is there any way to configure a customize error page? When I enter in the webapp with an appropiate certificate, HTTPS runs fine. And when I enter without it, ssl handshake detects an error, an redirects it to an HTTP page not found error. However, this is a non-pretty process looking in a final-user pespective. Any idea?? Regards, Luis Urueña Frías - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
customized error pages in certificate-client authentication
Hi! I'm developing a java webapp over Tomcat 4.2, with client certificate authentication. Is there any way to configure a customize error page? When I enter in the webapp with an appropiate certificate, HTTPS runs fine. And when I enter without it, ssl handshake detects an error, an redirects it to an HTTP page not found error. However, this is a non-pretty process looking in a final-user pespective. Any idea?? Regards, Luis Urueña Frías - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Customizing BASIC authentication
Hi, Thanks to you both, but my question is not so much about how to get the user name in the request. Instead, it's this: I need to use basic authentication (i.e. the browser pops up the login), but then I need to run custom code to actually check the login and password with an internal system, instead of the usual options available out of the box (memory realms, jdbc realms, etc.) I thought at first I would need a custom realm, but several messages on this list gave me the impression that a realm can't really affect the request/response. I need to not only do custom authentication, but the response will also be completely customized to the user who logs in. I'm still learning here, but realms seem to be too limited, valves seem to be too complex for the job. Is there a simple middle ground? Thanks again, Fred At 02:41 PM 8/16/2004 -0400, you wrote: Someone please correct me if I'm wrong here... Also be aware that non-protected pages will not provide you with a value to request.getRemoteUser(). I had assumed I could get the remote user from any page once the user logged in, but it doesn't work as I expected. I believe there *was* a bug report over on the TC bugzilla system and the response I remember was that the system was working as designed. Bob On Saturday 14 August 2004 12:13 am, Jacob Kjome wrote: > You can use request.getRemoteUser() to obtain the username. The password > is not really accessible except by examining the http headers. > > Jake > > At 11:21 PM 8/13/2004 -0400, you wrote: > >Hi all, > > > >I've been spending the last few hours reading about realms, > >valves, authenticators and the like, and I'm totally confused. > >I'm hoping if I describe my situation, someone can help me > >cut through the fog. > > > >I'm working on a simple web app that will feed custom RSS XML > >to clients that must use basic authentication. In my application, > >I need to do more than just look up users somewhere. Instead, the > >login/password values returned via basic authentication headers will be > > used in some fairly complex ways to both authenticate and then > >construct the custom response. > > > >What is the simplest way to customize basic authentication > >in Tomcat 4? It seems that realms are not the way to go, since > >they just handle authentication and have nothing to do with the > >request/response. Valves/authenticators seem like overkill. Form > >based authentication is not an option. > > > >Can I have Tomcat manage basic authentication headers but pass > >the login/password values to my code? And can I then have access > >to that information in the servlet that creates the response? > > > >Many thanks, > > > >Fred > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Customizing BASIC authentication
Someone please correct me if I'm wrong here... Also be aware that non-protected pages will not provide you with a value to request.getRemoteUser(). I had assumed I could get the remote user from any page once the user logged in, but it doesn't work as I expected. I believe there *was* a bug report over on the TC bugzilla system and the response I remember was that the system was working as designed. Bob On Saturday 14 August 2004 12:13 am, Jacob Kjome wrote: > You can use request.getRemoteUser() to obtain the username. The password > is not really accessible except by examining the http headers. > > Jake > > At 11:21 PM 8/13/2004 -0400, you wrote: > >Hi all, > > > >I've been spending the last few hours reading about realms, > >valves, authenticators and the like, and I'm totally confused. > >I'm hoping if I describe my situation, someone can help me > >cut through the fog. > > > >I'm working on a simple web app that will feed custom RSS XML > >to clients that must use basic authentication. In my application, > >I need to do more than just look up users somewhere. Instead, the > >login/password values returned via basic authentication headers will be > > used in some fairly complex ways to both authenticate and then > >construct the custom response. > > > >What is the simplest way to customize basic authentication > >in Tomcat 4? It seems that realms are not the way to go, since > >they just handle authentication and have nothing to do with the > >request/response. Valves/authenticators seem like overkill. Form > >based authentication is not an option. > > > >Can I have Tomcat manage basic authentication headers but pass > >the login/password values to my code? And can I then have access > >to that information in the servlet that creates the response? > > > >Many thanks, > > > >Fred > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Customizing BASIC authentication
You can use request.getRemoteUser() to obtain the username. The password is not really accessible except by examining the http headers. Jake At 11:21 PM 8/13/2004 -0400, you wrote: Hi all, I've been spending the last few hours reading about realms, valves, authenticators and the like, and I'm totally confused. I'm hoping if I describe my situation, someone can help me cut through the fog. I'm working on a simple web app that will feed custom RSS XML to clients that must use basic authentication. In my application, I need to do more than just look up users somewhere. Instead, the login/password values returned via basic authentication headers will be used in some fairly complex ways to both authenticate and then construct the custom response. What is the simplest way to customize basic authentication in Tomcat 4? It seems that realms are not the way to go, since they just handle authentication and have nothing to do with the request/response. Valves/authenticators seem like overkill. Form based authentication is not an option. Can I have Tomcat manage basic authentication headers but pass the login/password values to my code? And can I then have access to that information in the servlet that creates the response? Many thanks, Fred - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Customizing BASIC authentication
Hi all, I've been spending the last few hours reading about realms, valves, authenticators and the like, and I'm totally confused. I'm hoping if I describe my situation, someone can help me cut through the fog. I'm working on a simple web app that will feed custom RSS XML to clients that must use basic authentication. In my application, I need to do more than just look up users somewhere. Instead, the login/password values returned via basic authentication headers will be used in some fairly complex ways to both authenticate and then construct the custom response. What is the simplest way to customize basic authentication in Tomcat 4? It seems that realms are not the way to go, since they just handle authentication and have nothing to do with the request/response. Valves/authenticators seem like overkill. Form based authentication is not an option. Can I have Tomcat manage basic authentication headers but pass the login/password values to my code? And can I then have access to that information in the servlet that creates the response? Many thanks, Fred - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Wierd Realm authentication problem - Tomcat 4.1.30 / Jakarta Stru ts 1.1 / Internet Explorer 5.5+ / Forms Authentication
I am having a bit of an intermittent problem with Realm Authentication. I've got a jdbc realm (backed by hsql) configured for form based authentication under Tomcat 4.1.30. My application is developed on Struts 1.1. The problem I'm running into is that even after entering correct credentials, I get a Not Authorized error. This happens intermittently for some reason and I have not been able to determine what the heck is going on. Are there any glitches with IE (as I'm suspsecting) that might cause this? I've exhausted all routes to try and figure out what is going on here but have not figured out what's causing the problem nor why it allows me in after a Ctrl+R. Any help would be GREATLY appreciated on this. I've got a time crunch to figure this out ASAP so if any of y'all (yes I'm down in the south) have any ideas on this I would greatly appreciate your input. Thanks.
serving pdf with CLIENT-CERT authentication
Hi,
I'm running an application with SSL-client certificate authentication.
It works fine, except one servlet that serves a PDF document. Yet that
servlet worked fine on a Tomcat 4.x.
Now, on a Tomcat 5.0.25, I get the following problem : when my Internet
Explorer 6 requests for the servlet, I get a popup ("open", "save",...),
which I didn't get with my Tomcat 4.x, and when I try to "open" or
"save" the PDF, Internet Explorer complains about the server
unavailability...
Enabling SSL trace, I don't see any error and I can see a few "WRITE:
SSLv3 Application Data" correspunding with the PDF served.
That's all the more surprising since it works fine on Tomcat 5.0.25 if I
use SSL with server authentication only and no security constraint in my
web app.
Any idea ?
Re: Beyond bassic form authentication?
Forget about thatthen.. I will just put a sign in link which will try to access the protected resource and then shoot the login page ;) Dennis Dai wrote: Then I guess you have to use your own authentication or modify the FormAuthentication class ... I believe TSS is using some kind of content management system (CMS), more like a home grown one. Anyways, JBoss ported PostNuke (a CMS written in PHP) to their platform, you might want to check it out ... On 7/27/2004 11:25 AM, Anastasios Angelidis wrote: I want to do exactly like the serverside.com You have alogin form on each unprotected page thata llows you to login So you can hit the news page, the discussion page, patterns etc... without having to login, but each section offer the login form... Dennis Dai wrote: On 7/27/2004 10:34 AM, Anastasios Angelidis wrote: So if I understand you... On my index page which is not protected put a form with And somewhere at the top of page have something like if(getUserPrincipal()) redirect I guess we can both try it lol... No, that won't work. The login page cannot be explicitly referred to. You can only get to the login page when accessing a protected resource ... unless you modify the FormAuthenticator class. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Beyond bassic form authentication?
Then I guess you have to use your own authentication or modify the FormAuthentication class ... I believe TSS is using some kind of content management system (CMS), more like a home grown one. Anyways, JBoss ported PostNuke (a CMS written in PHP) to their platform, you might want to check it out ... On 7/27/2004 11:25 AM, Anastasios Angelidis wrote: I want to do exactly like the serverside.com You have alogin form on each unprotected page thata llows you to login So you can hit the news page, the discussion page, patterns etc... without having to login, but each section offer the login form... Dennis Dai wrote: On 7/27/2004 10:34 AM, Anastasios Angelidis wrote: So if I understand you... On my index page which is not protected put a form with And somewhere at the top of page have something like if(getUserPrincipal()) redirect I guess we can both try it lol... No, that won't work. The login page cannot be explicitly referred to. You can only get to the login page when accessing a protected resource ... unless you modify the FormAuthenticator class. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Dennis Dai [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Beyond bassic form authentication?
I want to do exactly like the serverside.com You have alogin form on each unprotected page thata llows you to login So you can hit the news page, the discussion page, patterns etc... without having to login, but each section offer the login form... Dennis Dai wrote: On 7/27/2004 10:34 AM, Anastasios Angelidis wrote: So if I understand you... On my index page which is not protected put a form with And somewhere at the top of page have something like if(getUserPrincipal()) redirect I guess we can both try it lol... No, that won't work. The login page cannot be explicitly referred to. You can only get to the login page when accessing a protected resource ... unless you modify the FormAuthenticator class. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Beyond bassic form authentication?
That what Iwas saying previously. So how can I put a login page on my home page to allow access to the protected. Resources. theserverside.com has it and all kinds of web sites. Dennis Dai wrote: On 7/27/2004 10:34 AM, Anastasios Angelidis wrote: So if I understand you... On my index page which is not protected put a form with And somewhere at the top of page have something like if(getUserPrincipal()) redirect I guess we can both try it lol... No, that won't work. The login page cannot be explicitly referred to. You can only get to the login page when accessing a protected resource ... unless you modify the FormAuthenticator class. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Beyond bassic form authentication?
On 7/27/2004 10:34 AM, Anastasios Angelidis wrote: So if I understand you... On my index page which is not protected put a form with And somewhere at the top of page have something like if(getUserPrincipal()) redirect I guess we can both try it lol... No, that won't work. The login page cannot be explicitly referred to. You can only get to the login page when accessing a protected resource ... unless you modify the FormAuthenticator class. -- Dennis Dai [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Beyond bassic form authentication?
So if I understand you...
On my index page which is not protected put a form with
And somewhere at the top of page have something like
if(getUserPrincipal()) redirect
I guess we can both try it lol...
Yiannis Mavroukakis wrote:
Ok..:)
Let me see if I got this right..if you put a form on the
unprotected resource that posts to j_security_check, in theory and
according to the servlet spec, you should be redirected to the same
url (or the requested url and be authenticated). If that is correct, you could then use
getUserPrincipal() to forward the user to the protected part. But as
I say, IF I am correct..otherwise I'll put the second D hat on.
-Original Message-
From: Anastasios Angelidis [mailto:[EMAIL PROTECTED]
Sent: 27 July 2004 15:10
To: Tomcat Users List
Subject: Re: Beyond bassic form authentication?
That wont work.
Try navigating to the login page of the security sample on Tomcat. and
try loging in! It will throw an exception of the sort that it canot
authenticate against itself
Yiannis Mavroukakis wrote:
Why not make the welcome page part of the secured app
, let the users authenticate and then use getUserPrincipal()
to determine whether you need to redirect them to the secured pages.
-Original Message-
From: Anastasios Angelidis [mailto:[EMAIL PROTECTED]
Sent: 27 July 2004 14:34
To: Yiannis Mavroukakis
Subject: Re: Beyond bassic form authentication?
Yeah it will but what will it do with it? ;)
I guess I have to explain this step by step lol
1- Create a directory /MyNewApp in /webapps and attach a context to it.
2- Create all standard webapp directories like /WEB-INF etc...
3- Create a new directory /secured in in the inside your new webpass
directory. Bassically /webapps/MyNewApp/secured
4- Put the security sample jsp pages that come with Tomcat within the
secured folder.
5- Create your user realm
6- Configure security constraints. Set constraint on the /secured
folder. Point authentication to the login.jsp... etc...
So now we are all happy?
Now open your browser and go to http://localhost:8080/MyNewApp/secured.
Tomcat notices thatthis is aprotected URL and shoot back to you the
login page You login and voila evryone is happy again!
Now create index.jsp page in your webapps root /MyNewApp and add it to
the list of welcome pages in your web.xml Which by default index.jsp
is configured as default page
Back in your browser go to: http://localhost:8080/MyNewApp/ and you
should see the new index.jsp page you just created...
Now we are all happy again! ;)
On this new index.jsp page create a login form. Now from this login form
I want to be authenticated to access /MyNewApp/secured.
So here we have to problems...
1- You canot put as the action point /secured. Even though you pass a
j_username and j_password fields with correct credential through the
POST, because you are not authenticated, it will shoot back at you the
login page that was configured in web.xml And then you can do proper login.
2- The action point canot be j_security_check because Tomcat will not
know what to do with it! Bassically your are posting a form with action
j_security_check from an unsecure resource. Even if Tomcat understood
and actually authneticated it you, where would it redirect you? It
wouldn't know. When you access a secure resource directly Tomcat
attaches the secured resource URL in some way to the login page. So when
you authenticate it knows where to redirect you.
Thanks
Yiannis Mavroukakis wrote:
Not sure I get this a 100% percent, but with regards to your last statement,
"Of course I canot just put a form on the welcome page with
action="<%=request.encodeURL("j_security_check")%>"
The browser wouldn't know where to post to."
The browser will post to the application server
anyway! It is no different than saying that the form will post to
either POST=http://foo.org/bar or to POST=bar (assume foo.org is the
domain of your application server).
-Original Message-
From: Anastasios Angelidis [mailto:[EMAIL PROTECTED]
Sent: 26 July 2004 15:12
To: Tomcat Users List
Subject: Re: Beyond bassic form authentication?
Ok then I think the problem is not understood ;)
My form authentication does work. In fact I scabbed the whole security
sample :P
Like I noted... When I type the protected resources URL in the browser
address bar. Tomcats authentication kicks in and redirects me to the
login page I specified in my web.xml I type the username and password
that is stored in mysql and I login. This works fine.
What I want to do is access the protected resource from an unprotected
resource. For intsance on the welcome page of my web app which everyone
can see. I want to add a login form which will login the user and give
him access to the protect resource.
One solution is to just put a "Sign-In" link which will in turn try to
access the protected resource, but since the visit
RE: Beyond bassic form authentication?
Ok..:)
Let me see if I got this right..if you put a form on the
unprotected resource that posts to j_security_check, in theory and
according to the servlet spec, you should be redirected to the same
url (or the requested url and be authenticated). If that is correct, you could then use
getUserPrincipal() to forward the user to the protected part. But as
I say, IF I am correct..otherwise I'll put the second D hat on.
-Original Message-
From: Anastasios Angelidis [mailto:[EMAIL PROTECTED]
Sent: 27 July 2004 15:10
To: Tomcat Users List
Subject: Re: Beyond bassic form authentication?
That wont work.
Try navigating to the login page of the security sample on Tomcat. and
try loging in! It will throw an exception of the sort that it canot
authenticate against itself
Yiannis Mavroukakis wrote:
>Why not make the welcome page part of the secured app
>, let the users authenticate and then use getUserPrincipal()
>to determine whether you need to redirect them to the secured pages.
>
>-Original Message-
>From: Anastasios Angelidis [mailto:[EMAIL PROTECTED]
>Sent: 27 July 2004 14:34
>To: Yiannis Mavroukakis
>Subject: Re: Beyond bassic form authentication?
>
>
>Yeah it will but what will it do with it? ;)
>
>I guess I have to explain this step by step lol
>
>1- Create a directory /MyNewApp in /webapps and attach a context to it.
>2- Create all standard webapp directories like /WEB-INF etc...
>3- Create a new directory /secured in in the inside your new webpass
>directory. Bassically /webapps/MyNewApp/secured
>4- Put the security sample jsp pages that come with Tomcat within the
>secured folder.
>5- Create your user realm
>6- Configure security constraints. Set constraint on the /secured
>folder. Point authentication to the login.jsp... etc...
>
>So now we are all happy?
>
>Now open your browser and go to http://localhost:8080/MyNewApp/secured.
>Tomcat notices thatthis is aprotected URL and shoot back to you the
>login page You login and voila evryone is happy again!
>
>Now create index.jsp page in your webapps root /MyNewApp and add it to
>the list of welcome pages in your web.xml Which by default index.jsp
>is configured as default page
>
>Back in your browser go to: http://localhost:8080/MyNewApp/ and you
>should see the new index.jsp page you just created...
>
>Now we are all happy again! ;)
>
>On this new index.jsp page create a login form. Now from this login form
>I want to be authenticated to access /MyNewApp/secured.
>
>So here we have to problems...
>1- You canot put as the action point /secured. Even though you pass a
>j_username and j_password fields with correct credential through the
>POST, because you are not authenticated, it will shoot back at you the
>login page that was configured in web.xml And then you can do proper login.
>
>2- The action point canot be j_security_check because Tomcat will not
>know what to do with it! Bassically your are posting a form with action
>j_security_check from an unsecure resource. Even if Tomcat understood
>and actually authneticated it you, where would it redirect you? It
>wouldn't know. When you access a secure resource directly Tomcat
>attaches the secured resource URL in some way to the login page. So when
>you authenticate it knows where to redirect you.
>
>Thanks
>
>Yiannis Mavroukakis wrote:
>
>
>
>>Not sure I get this a 100% percent, but with regards to your last statement,
>>"Of course I canot just put a form on the welcome page with
>>action="<%=request.encodeURL("j_security_check")%>"
>>The browser wouldn't know where to post to."
>>
>>The browser will post to the application server
>>anyway! It is no different than saying that the form will post to
>>either POST=http://foo.org/bar or to POST=bar (assume foo.org is the
>>domain of your application server).
>>
>>-Original Message-
>>From: Anastasios Angelidis [mailto:[EMAIL PROTECTED]
>>Sent: 26 July 2004 15:12
>>To: Tomcat Users List
>>Subject: Re: Beyond bassic form authentication?
>>
>>
>>Ok then I think the problem is not understood ;)
>>
>>My form authentication does work. In fact I scabbed the whole security
>>sample :P
>>
>>Like I noted... When I type the protected resources URL in the browser
>>address bar. Tomcats authentication kicks in and redirects me to the
>>login page I specified in my web.xml I type the username and password
>>that is stored in mysql and I login. This works fine.
>>
>>What I want to do is access the protected resource from an unprotected
>>resource. For intsance on the welcome page of my web
Re: Beyond bassic form authentication?
That wont work.
Try navigating to the login page of the security sample on Tomcat. and
try loging in! It will throw an exception of the sort that it canot
authenticate against itself
Yiannis Mavroukakis wrote:
Why not make the welcome page part of the secured app
, let the users authenticate and then use getUserPrincipal()
to determine whether you need to redirect them to the secured pages.
-Original Message-
From: Anastasios Angelidis [mailto:[EMAIL PROTECTED]
Sent: 27 July 2004 14:34
To: Yiannis Mavroukakis
Subject: Re: Beyond bassic form authentication?
Yeah it will but what will it do with it? ;)
I guess I have to explain this step by step lol
1- Create a directory /MyNewApp in /webapps and attach a context to it.
2- Create all standard webapp directories like /WEB-INF etc...
3- Create a new directory /secured in in the inside your new webpass
directory. Bassically /webapps/MyNewApp/secured
4- Put the security sample jsp pages that come with Tomcat within the
secured folder.
5- Create your user realm
6- Configure security constraints. Set constraint on the /secured
folder. Point authentication to the login.jsp... etc...
So now we are all happy?
Now open your browser and go to http://localhost:8080/MyNewApp/secured.
Tomcat notices thatthis is aprotected URL and shoot back to you the
login page You login and voila evryone is happy again!
Now create index.jsp page in your webapps root /MyNewApp and add it to
the list of welcome pages in your web.xml Which by default index.jsp
is configured as default page
Back in your browser go to: http://localhost:8080/MyNewApp/ and you
should see the new index.jsp page you just created...
Now we are all happy again! ;)
On this new index.jsp page create a login form. Now from this login form
I want to be authenticated to access /MyNewApp/secured.
So here we have to problems...
1- You canot put as the action point /secured. Even though you pass a
j_username and j_password fields with correct credential through the
POST, because you are not authenticated, it will shoot back at you the
login page that was configured in web.xml And then you can do proper login.
2- The action point canot be j_security_check because Tomcat will not
know what to do with it! Bassically your are posting a form with action
j_security_check from an unsecure resource. Even if Tomcat understood
and actually authneticated it you, where would it redirect you? It
wouldn't know. When you access a secure resource directly Tomcat
attaches the secured resource URL in some way to the login page. So when
you authenticate it knows where to redirect you.
Thanks
Yiannis Mavroukakis wrote:
Not sure I get this a 100% percent, but with regards to your last statement,
"Of course I canot just put a form on the welcome page with
action="<%=request.encodeURL("j_security_check")%>"
The browser wouldn't know where to post to."
The browser will post to the application server
anyway! It is no different than saying that the form will post to
either POST=http://foo.org/bar or to POST=bar (assume foo.org is the
domain of your application server).
-Original Message-
From: Anastasios Angelidis [mailto:[EMAIL PROTECTED]
Sent: 26 July 2004 15:12
To: Tomcat Users List
Subject: Re: Beyond bassic form authentication?
Ok then I think the problem is not understood ;)
My form authentication does work. In fact I scabbed the whole security
sample :P
Like I noted... When I type the protected resources URL in the browser
address bar. Tomcats authentication kicks in and redirects me to the
login page I specified in my web.xml I type the username and password
that is stored in mysql and I login. This works fine.
What I want to do is access the protected resource from an unprotected
resource. For intsance on the welcome page of my web app which everyone
can see. I want to add a login form which will login the user and give
him access to the protect resource.
One solution is to just put a "Sign-In" link which will in turn try to
access the protected resource, but since the visitor is not logged in,
he will be redirected to the login page.
The other solution which I want is to offer a login page directly on the
welcome page. Of course I canot just put a form on the welcome page with
action="<%=request.encodeURL("j_security_check")%>" The browser wouldn't
know where to post to.
Yiannis Mavroukakis wrote:
Anastasie I think what Robert means is you should "steal" some code
from the existing examples in Tomcat.
Yparxoune epishs kai alloi tropoi pou boreis na to kaneis ayto..boreis
kalista na exeis authentication mesw tou Apache kai enos module
pou koitaei gia valid accounts sthn mySQL sou.
Happy coding,
Yiannis
-Original Message-
From: Anastasios Angelidis [mailto:[EMAIL PROTECTED]
Sent: 26 July 2004 14:13
To: Tomcat Users List
Apache1.3 SSL with client authentication jk2 tomcat 5
Hi, I'm looking to do the same thing as Radu Radutiu (archive here : http://www.junlu.com/msg/94462.html) but when i use int the httpd.conf directives like "JkSet2 workerEnv sslEnable 1" nothing work and apache don't start. Do you know how to use JkSet under apache 1.3 on Windows ? how to passe from apache to tomcat som environement variable like SSL client certificat ? Thanks a lot ++ - Créez gratuitement votre Yahoo! Mail avec 100 Mo de stockage ! Créez votre Yahoo! Mail Le nouveau Yahoo! Messenger est arrivé ! Découvrez toutes les nouveautés pour dialoguer instantanément avec vos amis.Téléchargez GRATUITEMENT ici !
Re: Beyond bassic form authentication?
lol the loging.jsp page from the sample barely has anything to scab! :P Anyways scabbing doesn't help this case. As my authentication works. I have another problem. I replied to this e-mail detailing the prblem. Thanks. Sternbergh, Cornell wrote: I would guess that "code scabbing" is using another set of code as a kind of example... copy it and modify it as necessary. -Original Message- From: Anastasios Angelidis [mailto:[EMAIL PROTECTED] Sent: Monday, July 26, 2004 09:13 To: Tomcat Users List Subject: Re: Beyond bassic form authentication? Does any one have any ideas on this? What is code scabbing? Thanks Robert Harper wrote: Did you try scabbing code from the login.jsp? You may want to use that and the user will gain access to the areas allowed with their group or role. Robert S. Harper 801.265.8800 ex. 255 -Original Message- From: Anastasios Angelidis [mailto:[EMAIL PROTECTED] Sent: Friday, July 23, 2004 7:37 AM To: [EMAIL PROTECTED] Subject: Beyond bassic form authentication? So I setup my web app to use Form Authentication with a User Realm in my MySQL DB. It all works fine. I type the protected resources URL into the browser, I get redirected to the login page, I login and behold it works! ;) Now how would I give access to a secure resource from an unsecure resource. For instance... My webapp has a front page with recent news, welcome message etc... Standard home page stuff... Obviously I can put a sign-in link that will try to access the protected resource, which will then redirect to the login page... But is there a way to put a login form on the home page directly and post that form for authentication and from there give access to the protected resource? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Beyond bassic form authentication?
I would guess that "code scabbing" is using another set of code as a kind of example... copy it and modify it as necessary. -Original Message- From: Anastasios Angelidis [mailto:[EMAIL PROTECTED] Sent: Monday, July 26, 2004 09:13 To: Tomcat Users List Subject: Re: Beyond bassic form authentication? Does any one have any ideas on this? What is code scabbing? Thanks Robert Harper wrote: >Did you try scabbing code from the login.jsp? You may want to use that and the >user will gain access to the areas allowed with their group or role. > >Robert S. Harper >801.265.8800 ex. 255 > > > >>-Original Message- >>From: Anastasios Angelidis [mailto:[EMAIL PROTECTED] >>Sent: Friday, July 23, 2004 7:37 AM >>To: [EMAIL PROTECTED] >>Subject: Beyond bassic form authentication? >> >>So I setup my web app to use Form Authentication with a User Realm in my >>MySQL DB. It all works fine. I type the protected resources URL into the >>browser, I get redirected to the login page, I login and behold it works! ;) >> >>Now how would I give access to a secure resource from an unsecure >>resource. For instance... >> >>My webapp has a front page with recent news, welcome message etc... >>Standard home page stuff... >>Obviously I can put a sign-in link that will try to access the protected >>resource, which will then redirect to the login page... >>But is there a way to put a login form on the home page directly and >>post that form for authentication and from there give access to the >>protected resource? >> >>Thanks >> >>- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> > > > > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Beyond bassic form authentication?
Ok then I think the problem is not understood ;)
My form authentication does work. In fact I scabbed the whole security
sample :P
Like I noted... When I type the protected resources URL in the browser
address bar. Tomcats authentication kicks in and redirects me to the
login page I specified in my web.xml I type the username and password
that is stored in mysql and I login. This works fine.
What I want to do is access the protected resource from an unprotected
resource. For intsance on the welcome page of my web app which everyone
can see. I want to add a login form which will login the user and give
him access to the protect resource.
One solution is to just put a "Sign-In" link which will in turn try to
access the protected resource, but since the visitor is not logged in,
he will be redirected to the login page.
The other solution which I want is to offer a login page directly on the
welcome page. Of course I canot just put a form on the welcome page with
action="<%=request.encodeURL("j_security_check")%>" The browser wouldn't
know where to post to.
Yiannis Mavroukakis wrote:
Anastasie I think what Robert means is you should "steal" some code
from the existing examples in Tomcat.
Yparxoune epishs kai alloi tropoi pou boreis na to kaneis ayto..boreis
kalista na exeis authentication mesw tou Apache kai enos module
pou koitaei gia valid accounts sthn mySQL sou.
Happy coding,
Yiannis
-Original Message-
From: Anastasios Angelidis [mailto:[EMAIL PROTECTED]
Sent: 26 July 2004 14:13
To: Tomcat Users List
Subject: Re: Beyond bassic form authentication?
Does any one have any ideas on this? What is code scabbing?
Thanks
Robert Harper wrote:
Did you try scabbing code from the login.jsp? You may want to use that and the
user will gain access to the areas allowed with their group or role.
Robert S. Harper
801.265.8800 ex. 255
-Original Message-
From: Anastasios Angelidis [mailto:[EMAIL PROTECTED]
Sent: Friday, July 23, 2004 7:37 AM
To: [EMAIL PROTECTED]
Subject: Beyond bassic form authentication?
So I setup my web app to use Form Authentication with a User Realm in my
MySQL DB. It all works fine. I type the protected resources URL into the
browser, I get redirected to the login page, I login and behold it works! ;)
Now how would I give access to a secure resource from an unsecure
resource. For instance...
My webapp has a front page with recent news, welcome message etc...
Standard home page stuff...
Obviously I can put a sign-in link that will try to access the protected
resource, which will then redirect to the login page...
But is there a way to put a login form on the home page directly and
post that form for authentication and from there give access to the
protected resource?
Thanks
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs.
Note:__
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please immediately delete it and
all copies of it from your system, destroy any hard copies of it and
notify the sender. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the
intended recipient. Jaguar Freight Services and any of its subsidiaries
each reserve the right to monitor all e-mail communications through its
networks.
Any views expressed in this message are those of the individual sender,
except where the message states otherwise and the sender is authorized
to state them to be the views of any such entity.
This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Beyond bassic form authentication?
Anastasie I think what Robert means is you should "steal" some code from the existing examples in Tomcat. Yparxoune epishs kai alloi tropoi pou boreis na to kaneis ayto..boreis kalista na exeis authentication mesw tou Apache kai enos module pou koitaei gia valid accounts sthn mySQL sou. Happy coding, Yiannis -Original Message- From: Anastasios Angelidis [mailto:[EMAIL PROTECTED] Sent: 26 July 2004 14:13 To: Tomcat Users List Subject: Re: Beyond bassic form authentication? Does any one have any ideas on this? What is code scabbing? Thanks Robert Harper wrote: >Did you try scabbing code from the login.jsp? You may want to use that and the >user will gain access to the areas allowed with their group or role. > >Robert S. Harper >801.265.8800 ex. 255 > > > >>-Original Message- >>From: Anastasios Angelidis [mailto:[EMAIL PROTECTED] >>Sent: Friday, July 23, 2004 7:37 AM >>To: [EMAIL PROTECTED] >>Subject: Beyond bassic form authentication? >> >>So I setup my web app to use Form Authentication with a User Realm in my >>MySQL DB. It all works fine. I type the protected resources URL into the >>browser, I get redirected to the login page, I login and behold it works! ;) >> >>Now how would I give access to a secure resource from an unsecure >>resource. For instance... >> >>My webapp has a front page with recent news, welcome message etc... >>Standard home page stuff... >>Obviously I can put a sign-in link that will try to access the protected >>resource, which will then redirect to the login page... >>But is there a way to put a login form on the home page directly and >>post that form for authentication and from there give access to the >>protected resource? >> >>Thanks >> >>- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> > > > > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. Note:__ This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Jaguar Freight Services and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity. This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Beyond bassic form authentication?
Does any one have any ideas on this? What is code scabbing? Thanks Robert Harper wrote: Did you try scabbing code from the login.jsp? You may want to use that and the user will gain access to the areas allowed with their group or role. Robert S. Harper 801.265.8800 ex. 255 -Original Message- From: Anastasios Angelidis [mailto:[EMAIL PROTECTED] Sent: Friday, July 23, 2004 7:37 AM To: [EMAIL PROTECTED] Subject: Beyond bassic form authentication? So I setup my web app to use Form Authentication with a User Realm in my MySQL DB. It all works fine. I type the protected resources URL into the browser, I get redirected to the login page, I login and behold it works! ;) Now how would I give access to a secure resource from an unsecure resource. For instance... My webapp has a front page with recent news, welcome message etc... Standard home page stuff... Obviously I can put a sign-in link that will try to access the protected resource, which will then redirect to the login page... But is there a way to put a login form on the home page directly and post that form for authentication and from there give access to the protected resource? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: BASIC authentication not working, PLEASE HELP !
Salut Michele, Thanks for the tip. I didn't know about this option. However, I found what the problem was. If you look at my web.xml file, you'll see I fogot the 's' in . The most incredible thing is that Tomcat 5 didn't complain at all !!! And guess how I figured out ? I though there was a bug in the container so I downloaded Tomcat 4. And immediately this version complained about the mispelling... I'm quite surprised (and disappointed) because I did change the level of traces in the server.xml and no valuable information came out :-(. I hope this post will avoid other newbies to be stuck like I was. Merci, Laurent > Message du 23/07/04 à 21h36 > De : "Michele Ouellet" <[EMAIL PROTECTED]> > A : "Laurent Le Moux" <[EMAIL PROTECTED]> > Copie à : > Objet : Re: BASIC authentication not working, PLEASE HELP ! > > Salut Laurent, > > Did you start tomcat with the -security flag on the command line? > > Michele Ouellet > Stelvio Inc. > > - Original Message - > From: "Laurent Le Moux" <[EMAIL PROTECTED]> > Newsgroups: comp.lang.java.security > Sent: Thursday, July 22, 2004 10:27 AM > Subject: BASIC authentication not working, PLEASE HELP ! > > > > Hye ! > > > > I struggle for two days now with Tomcat 5 BASIC authentication. > > > > I read many posts about the problem but most of the people seem to > > have a login window appearing. I don't :-( > > > > jsp security examples, manager and admin work fine but my application > > just acts as if no authentication was required... > > > > I really don't see what's wrong with my config files. > > > > Can anybody help me, please ?!! > > > > Hereafter are the xml files : > > > > -- > > > > tomcat-users.xml : > > > > > > > > > > > > > > > >> roles="standard,manager"/> > > > > > > > > > > > > -- > > > > web.xml : > > > > > > > > > > > > > > > > /* > > > > > > standard > > > > > > > > > > BASIC > > > > > > > > standard > > > > > > > > > > -- > > > > server.xml : > > > > > > > > > > > type="org.apache.catalina.UserDatabase" > > description="User database that can be updated and saved"> > > > > > > > > factory > > org.apache.catalina.users.MemoryUserDatabaseFactory > > > > > > pathname > > conf/tomcat-users.xml > > > > > > > > > > > > > > > > > > > > > > > > > > > >> resourceName="UserDatabase" /> > > > > > > > > > > > > > type="javax.sql.DataSource"/> > > > > > > factory > > org.apache.commons.dbcp.BasicDataSourceFactory > > > > > > > > maxActive > > 3 > > > > > > > > maxIdle > > 1 > > > > > > > > username > > jSDB > > > > > > > > password > > jSDB > > > > > > > > driverClassName > > org.hsqldb.jdbcDriver > > > > > > > > url > > jdbc:hsqldb:hsql://localhost > > > > > > > > > > > > > > > > -- Faites un voeu et puis Voila ! www.voila.fr - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
authentication question
Hi, I am trying to get application to authenticate so that the credentials are carried into all subsequent request, what I have a persistence realm that holds all the user/pasword and other info, I have a custom login screen that we are using for all appservers websphere,weblogic .. these other appserver have a API that allows me to login and authenticate the user, I want to do the same thing with tomcat 4.x, 5.x without using the web.xml security constraints, does anyone know a way that I can authenticate a user, I will be using the DataSource Realm that will be mapped to my persistence store. I have tried to use ServerFactory to try and get the services and the realm but haven't any luck with this. Thanks, don -- Best regards, Don mailto:[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Beyond bassic form authentication?
In english please! :P What's scabbing? Robert Harper wrote: Did you try scabbing code from the login.jsp? You may want to use that and the user will gain access to the areas allowed with their group or role. Robert S. Harper 801.265.8800 ex. 255 -Original Message- From: Anastasios Angelidis [mailto:[EMAIL PROTECTED] Sent: Friday, July 23, 2004 7:37 AM To: [EMAIL PROTECTED] Subject: Beyond bassic form authentication? So I setup my web app to use Form Authentication with a User Realm in my MySQL DB. It all works fine. I type the protected resources URL into the browser, I get redirected to the login page, I login and behold it works! ;) Now how would I give access to a secure resource from an unsecure resource. For instance... My webapp has a front page with recent news, welcome message etc... Standard home page stuff... Obviously I can put a sign-in link that will try to access the protected resource, which will then redirect to the login page... But is there a way to put a login form on the home page directly and post that form for authentication and from there give access to the protected resource? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Beyond bassic form authentication?
Did you try scabbing code from the login.jsp? You may want to use that and the user will gain access to the areas allowed with their group or role. Robert S. Harper 801.265.8800 ex. 255 > -Original Message- > From: Anastasios Angelidis [mailto:[EMAIL PROTECTED] > Sent: Friday, July 23, 2004 7:37 AM > To: [EMAIL PROTECTED] > Subject: Beyond bassic form authentication? > > So I setup my web app to use Form Authentication with a User Realm in my > MySQL DB. It all works fine. I type the protected resources URL into the > browser, I get redirected to the login page, I login and behold it works! ;) > > Now how would I give access to a secure resource from an unsecure > resource. For instance... > > My webapp has a front page with recent news, welcome message etc... > Standard home page stuff... > Obviously I can put a sign-in link that will try to access the protected > resource, which will then redirect to the login page... > But is there a way to put a login form on the home page directly and > post that form for authentication and from there give access to the > protected resource? > > Thanks > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Beyond bassic form authentication?
So I setup my web app to use Form Authentication with a User Realm in my MySQL DB. It all works fine. I type the protected resources URL into the browser, I get redirected to the login page, I login and behold it works! ;) Now how would I give access to a secure resource from an unsecure resource. For instance... My webapp has a front page with recent news, welcome message etc... Standard home page stuff... Obviously I can put a sign-in link that will try to access the protected resource, which will then redirect to the login page... But is there a way to put a login form on the home page directly and post that form for authentication and from there give access to the protected resource? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Does tomcat5 support digest authentication?
There is only very minimal support for DIGEST authentication. So minimal that in practice I can't see how it could be of any use at this point in time. It is on the list to be improved, but no idea for when: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/status.html Original Message Message-ID: <[EMAIL PROTECTED]> Date: Thu, 22 Jul 2004 20:35:13 -0700 (PDT) From: jiesheng zhang <[EMAIL PROTECTED]> Subject:Does tomcat5 support digest authentication? To: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii I think it supports digest authentication. However I can not make it works even in the simplest case. I have a basic tomcat 5 installation with one of my web application. I'd like to use digest authentication(I do not send password to server in clear text). The configuration is like this The Entire Web Application /* tomcat DIGEST Tomcat Supported Realm An example role defined in \"conf/tomcat-users.xml\" tomcat However, it does not work. I always get 403 (access is denied error). If I use BASIC authentication, everything works fine. I searched the mail list. It seemed other people also has this problem. However there is no any solution posted for it. Have anyone get digest authentication works?If anyone does, what extra step/caution should I takes? Thanks __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Does tomcat5 support digest authentication?
I think it supports digest authentication. However I can not make it works even in the simplest case. I have a basic tomcat 5 installation with one of my web application. I'd like to use digest authentication(I do not send password to server in clear text). The configuration is like this The Entire Web Application /* tomcat DIGEST Tomcat Supported Realm An example role defined in "conf/tomcat-users.xml" tomcat However, it does not work. I always get 403 (access is denied error). If I use BASIC authentication, everything works fine. I searched the mail list. It seemed other people also has this problem. However there is no any solution posted for it. Have anyone get digest authentication works?If anyone does, what extra step/caution should I takes? Thanks __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
BASIC authentication not working, PLEASE HELP !
Hello, I found the following interesting answer from Craig R. McClanahan to Sim IJskes concerning the use of BASIC authentication : > I was able to get basic authentication working by editing the file > "$TOMCAT_HOME/webapps/examples/WEB-INF/web.xml and changing the > element from FORM > to BASIC. Then, accessing the following URL: > > http://localhost:8080/examples/jsp/security/protected > > correctly caused the basic authentication dialog to come up, and it correctly > rejected all > username/password combinations other than the one defined in the > conf/tomcat-users.xml file > (tomcat/tomcat). If you can find a scenario like this that doesn't work correctly, > could you > please report it? I did exactly the same test but I have a "scenario like this that doesn't work correctly" ;-) ! I struggle for two days now with Tomcat 5 BASIC authentication. I read many posts about the problem but most of the people seem to have a login window appearing. I don't :-( jsp security examples (quoted above), manager and admin authentication work fine but my application just acts as if no authentication was required... I really don't see what's wrong with my config files. The server.xml is a copy of the server-minimal.xml one where I added a database ressource. The web.xml is based on $TOMCAT_HOME/server/webapps/manager/WEB-INF/web.xml (i.e. a working example). Can anybody help me, please ?!! Hereafter are the xml files : -- tomcat-users.xml : -- web.xml : /* standard BASIC standard -- server.xml : factory org.apache.catalina.users.MemoryUserDatabaseFactory pathname conf/tomcat-users.xml factory org.apache.commons.dbcp.BasicDataSourceFactory maxActive 3 maxIdle 1 username jSDB password jSDB driverClassName org.hsqldb.jdbcDriver url jdbc:hsqldb:hsql://localhost -- Faites un voeu et puis Voila ! www.voila.fr - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Authentication method 'DIGEST'
Sure Tom, the development machine is Windows (XP) and in a domain, so that can only be NT or Active Directory. We also have a test Win2K machine (standalone), with the same behaviour. None of this should change anything AFAIK, since it is with the default UserDatabase (the XML file). We do not use JAAS or anything. - Original Message - From: <[EMAIL PROTECTED]> Sent: Mon, 12 Jul 2004 14:53:42 +0100 > What kind of Windows environment are you in? I think you've got to be a > NT or Active Directory domain. > > Tom Burke - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, July 12, 2004 2:28 PM Subject: Authentication method 'DIGEST' > > Does anyone know if the DIGEST authentication is supported by Tomcat 5? > I have been trying to get it working with a Tomcat 5.0.24 on Windows and the default UserDatabase, but have not been completely successful. The authentication of a user seems to work OK (with the browser dialog being and so), but the principal is not available and probably the roles are not set and also I still get a > > HTTP Status 403 - Access to the requested resource has been denied > > With the same configuration, changing only the method from DIGEST to BASIC works without problems.
RE: Authentication method 'DIGEST'
Sure Tom, the development machine is Windows (XP) and in a domain, so that can only be NT or Active Directory. Also have a test Win2K machine (standalone), with the same behaviour. None of this should change anything AFAIK, since it is with the default UserDatabase, we do not use JAAS or anything. - Original Message - From: <[EMAIL PROTECTED]> Sent: Mon, 12 Jul 2004 14:53:42 +0100 > What kind of Windows environment are you in? I think you've got to be a > NT or Active Directory domain. > > Tom Burke - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, July 12, 2004 2:28 PM Subject: Authentication method 'DIGEST' > > Does anyone know if the DIGEST authentication is supported by Tomcat 5? > I have been trying to get it working with a Tomcat 5.0.24 on Windows and the default UserDatabase, but have not been completely successful. The authentication of a user seems to work OK (with the browser dialog being and so), but the principal is not available and probably the roles are not set and also I still get a > > HTTP Status 403 - Access to the requested resource has been denied > > With the same configuration, changing only the method from DIGEST to BASIC works without problems.
Re: Authentication method 'DIGEST'
UserDatabase doesn't support DIGEST. In fact, it could be that only MemoryRealm (which supports everything) does. However, I can't be bothered to look :). <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > Does anyone know if the DIGEST authentication is supported by Tomcat 5? > I have been trying to get it working with a Tomcat 5.0.24 on Windows and the default UserDatabase, but have not been completely successful. The authentication of a user seems to work OK (with the browser dialog being and so), but the principal is not available and probably the roles are not set and also I still get a > > HTTP Status 403 - Access to the requested resource has been denied > > With the same configuration, changing only the method from DIGEST to BASIC works without problems. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
