Re: jdbc realm + form authenication setup
Hello Thanks for the below info, I read the servlet spec and it helped, but I still can not get the form based authenication to work. I have attached the web.xml and tomcat-users.xml files, the welcome-file should be restricted, it does bring up the login page but then it displays the failed login page - is there still something wrong with this set up. Thanks Julie web.xml welcome-file-list welcome-file/assistant/restricted/test.htm/welcome-file /welcome-file-list security-constraint web-resource-collection web-resource-nameAssistant/web-resource-name !-- Define the context-relative URL(s) to be protected -- url-pattern/restricted/*/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection auth-constraint !-- Anyone with one of the listed roles may access this area -- role-namemanager/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.htm/form-login-page form-error-page/loginFailed.htm/form-error-page /form-login-config /login-config security-role role-namemanager/role-name /security-role tomcat-users.xml tomcat-users user name=operate password=operatethis roles=manager / /tomcat-users [EMAIL PROTECTED] on 04/29/2002 02:58:49 PM Please respond to [EMAIL PROTECTED] To:[EMAIL PROTECTED] cc: Subject:Re: jdbc realm + form authenication setup Hi Julie, In your web.xml file if you specify auth-method FORM you have to give it two form names like so: auth-methodFORM/auth-method form-login-config form-login-page/login.htm/form-login-page form-error-page/loginFailed.htm/form-error-page /form-login-config You only use realm-name if you are using the BASIC authentication scheme. You have to provide the pages for form-login and form-error. In the login page you must have a form with action j_security_check, like so. form name=login method=post action=j_security_check That form has to have a field called j_username and another called j_password. Does your Sybase driver info work without security? Also you may not want to digest your passwords until you get everything else working to eliminate that as the source of the error. To get details on setting up the web.xmlfile and server.xml files download the Servlet 2.3 specification from java.sun.com. It's fairly short and is in pdf format. Hope this helps, Rick - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 29, 2002 11:48 AM Subject: jdbc realm + form authenication setup Hello I have been unable to set up jdbc realm with form authenication method. I have the jsp, the server.xml and web.xml files configured but it doesn't work - I am missing sometime but have not found a good resource to explain exactly what this is. Does anybody have an example/know of a good resource? Using Tomcat 4.0 and Sybase. in server.xml Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=com.sybase.jdbc2.jdbc.SybDriver digest=digest connectionURL =jdbc:sybase:Tds:server:port/db?user=useramp;password=user userTable= userTable userNameCol=nameTable userCredCol=user_pswd userRoleTable = roles roleNameCol=roleName/ in web.xml security-constraint web-resource-collection web-resource-nameConfiguration/web-resource-name !-- Define the context-relative URL(s) to be protected -- url-pattern/assistant/url-pattern /web-resource-collection auth-constraint !-- Anyone with one of the listed roles may access this area -- role-nameoperate/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameEBasic Authentication Area/realm-name /login-config Thanks Julie This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of J.P. Morgan Chase Co., its subsidiaries and affiliates. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy
Re: jdbc realm + form authenication setup /solution/end
Hello again, I found the solution, tomcat-users.xml was in the wrong directory. Thanks Julie. [EMAIL PROTECTED] on 04/30/2002 06:26:17 AM Please respond to [EMAIL PROTECTED] To:[EMAIL PROTECTED] cc: Subject:Re: jdbc realm + form authenication setup Hello Thanks for the below info, I read the servlet spec and it helped, but I still can not get the form based authenication to work. I have attached the web.xml and tomcat-users.xml files, the welcome-file should be restricted, it does bring up the login page but then it displays the failed login page - is there still something wrong with this set up. Thanks Julie web.xml welcome-file-list welcome-file/assistant/restricted/test.htm/welcome-file /welcome-file-list security-constraint web-resource-collection web-resource-nameAssistant/web-resource-name !-- Define the context-relative URL(s) to be protected -- url-pattern/restricted/*/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection auth-constraint !-- Anyone with one of the listed roles may access this area -- role-namemanager/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.htm/form-login-page form-error-page/loginFailed.htm/form-error-page /form-login-config /login-config security-role role-namemanager/role-name /security-role tomcat-users.xml tomcat-users user name=operate password=operatethis roles=manager / /tomcat-users [EMAIL PROTECTED] on 04/29/2002 02:58:49 PM Please respond to [EMAIL PROTECTED] To:[EMAIL PROTECTED] cc: Subject:Re: jdbc realm + form authenication setup Hi Julie, In your web.xml file if you specify auth-method FORM you have to give it two form names like so: auth-methodFORM/auth-method form-login-config form-login-page/login.htm/form-login-page form-error-page/loginFailed.htm/form-error-page /form-login-config You only use realm-name if you are using the BASIC authentication scheme. You have to provide the pages for form-login and form-error. In the login page you must have a form with action j_security_check, like so. form name=login method=post action=j_security_check That form has to have a field called j_username and another called j_password. Does your Sybase driver info work without security? Also you may not want to digest your passwords until you get everything else working to eliminate that as the source of the error. To get details on setting up the web.xmlfile and server.xml files download the Servlet 2.3 specification from java.sun.com. It's fairly short and is in pdf format. Hope this helps, Rick - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 29, 2002 11:48 AM Subject: jdbc realm + form authenication setup Hello I have been unable to set up jdbc realm with form authenication method. I have the jsp, the server.xml and web.xml files configured but it doesn't work - I am missing sometime but have not found a good resource to explain exactly what this is. Does anybody have an example/know of a good resource? Using Tomcat 4.0 and Sybase. in server.xml Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=com.sybase.jdbc2.jdbc.SybDriver digest=digest connectionURL =jdbc:sybase:Tds:server:port/db?user=useramp;password=user userTable= userTable userNameCol=nameTable userCredCol=user_pswd userRoleTable = roles roleNameCol=roleName/ in web.xml security-constraint web-resource-collection web-resource-nameConfiguration/web-resource-name !-- Define the context-relative URL(s) to be protected -- url-pattern/assistant/url-pattern /web-resource-collection auth-constraint !-- Anyone with one of the listed roles may access this area -- role-nameoperate/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameEBasic Authentication Area/realm-name /login-config Thanks Julie This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of J.P. Morgan Chase Co., its subsidiaries and affiliates. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] This communication
Re: jdbc realm + form authenication setup
Hi Julie, In your web.xml file if you specify auth-method FORM you have to give it two form names like so: auth-methodFORM/auth-method form-login-config form-login-page/login.htm/form-login-page form-error-page/loginFailed.htm/form-error-page /form-login-config You only use realm-name if you are using the BASIC authentication scheme. You have to provide the pages for form-login and form-error. In the login page you must have a form with action j_security_check, like so. form name=login method=post action=j_security_check That form has to have a field called j_username and another called j_password. Does your Sybase driver info work without security? Also you may not want to digest your passwords until you get everything else working to eliminate that as the source of the error. To get details on setting up the web.xmlfile and server.xml files download the Servlet 2.3 specification from java.sun.com. It's fairly short and is in pdf format. Hope this helps, Rick - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 29, 2002 11:48 AM Subject: jdbc realm + form authenication setup Hello I have been unable to set up jdbc realm with form authenication method. I have the jsp, the server.xml and web.xml files configured but it doesn't work - I am missing sometime but have not found a good resource to explain exactly what this is. Does anybody have an example/know of a good resource? Using Tomcat 4.0 and Sybase. in server.xml Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=com.sybase.jdbc2.jdbc.SybDriver digest=digest connectionURL =jdbc:sybase:Tds:server:port/db?user=useramp;password=user userTable= userTable userNameCol=nameTable userCredCol=user_pswd userRoleTable= roles roleNameCol=roleName/ in web.xml security-constraint web-resource-collection web-resource-nameConfiguration/web-resource-name !-- Define the context-relative URL(s) to be protected -- url-pattern/assistant/url-pattern /web-resource-collection auth-constraint !-- Anyone with one of the listed roles may access this area -- role-nameoperate/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameEBasic Authentication Area/realm-name /login-config Thanks Julie This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of J.P. Morgan Chase Co., its subsidiaries and affiliates. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
