Re: Tomcat and jsecurity help
OK I have been doing some work on this and I saw that my url is always the same, so that might be why Im not getting the results I want. The url in the browser is always something like: http://localhost:8080/MedPro/servlet/SvMedPro It should be something more like http://localhost:8080/MedPro/JSP/Comun/index.jsp or something like it isnt? Or it dosent matter and url are handled internally? Thanks ! -- View this message in context: http://www.nabble.com/Tomcat-and-jsecurity-help-tp21671743p21692875.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat and jsecurity help
juanmanuelsanchez wrote: > Dosent seem to work, my idea is to have a common folder where everybody could > go, and other 3 where just authorized people can see the jsp. Thats why you > see 4 different security-constrain tags. > > Everybody should login no matter what. > > I think one of the problems is that how do I tell the app where to go once > the user has authenticated?. No, it's not. The user must request a secure page before the authentication component kicks in and shows the login form. During this process the original request is saved and is restored after a successful login. Can you post the HTML of your login form? p > Here is the realm > > driverName="org.gjt.mm.mysql.Driver" >connectionURL="jdbc:mysql://localhost/MedPro?user=x" > connectionPassword="xx" >userTable="users" userNameCol="user_name" userCredCol="user_pass" >userRoleTable="user_roles" roleNameCol="role_name"/> > > The realm works as far as I know. > > Thanks a lot for your help - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat and jsecurity help
Dosent seem to work, my idea is to have a common folder where everybody could go, and other 3 where just authorized people can see the jsp. Thats why you see 4 different security-constrain tags. Everybody should login no matter what. I think one of the problems is that how do I tell the app where to go once the user has authenticated?. Here is the realm The realm works as far as I know. Thanks a lot for your help -- View this message in context: http://www.nabble.com/Tomcat-and-jsecurity-help-tp21671743p21683095.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat and jsecurity help
juanmanuelsanchez wrote: > Im trying to make tomcat work with my jsecurity setup but Im having some > problems. > My jsp's are in different folders to make them more organized in sake of > security. So I have a main folder called JSP with 3 subfolders in it. > > So I have 3 tags setup depending on the folder I want > to access so I have something like: > > > > Comun > accessible by authenticated users of the DB > role > /JSP/Comun/* > GET > POST > PUT > DELETE > > > Este rol tiene accesso limitado > manager > Administracion > Gerencia > Medico > > > > > > CONFIDENTIAL > > > > > > > Admin > accessible by authenticated users of the DB > role > /JSP/Admin/* > GET > POST > PUT > DELETE > > > Este rol tiene accesso limitado > Administracion > > > > > > CONFIDENTIAL > > > > > But this dosent seem to work, first of all the login page is not displayed > and everyone seems to have access to the whole app. > > The if I try > > > > MedPro > accessible by authenticated users of the DB > role > /* > GET > POST > PUT > DELETE > > > Este rol tiene accesso ilimitado > manager > > > > > > CONFIDENTIAL > > > > > Then I get the login page but only the manager can access, and the rest > cant. So the login page is inside part of the app that has an auth constraint? Not sure if that'll mess things up, but you could try putting it in: /WEB-INF/login/login.jsp /WEB-INF/login/login-error.jsp ... where they'll be safe from prying eyes, but available to the application. What is your Realm config (don't forget to obscure any real passwords)? p > How can I make it work? > > Thanks. > > I have attached a file in case you want to see it more clearly. > > http://www.nabble.com/file/p21671743/sample.xml sample.xml - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat and jsecurity help
Im trying to make tomcat work with my jsecurity setup but Im having some problems. My jsp's are in different folders to make them more organized in sake of security. So I have a main folder called JSP with 3 subfolders in it. So I have 3 tags setup depending on the folder I want to access so I have something like: Comun accessible by authenticated users of the DB role /JSP/Comun/* GET POST PUT DELETE Este rol tiene accesso limitado manager Administracion Gerencia Medico CONFIDENTIAL Admin accessible by authenticated users of the DB role /JSP/Admin/* GET POST PUT DELETE Este rol tiene accesso limitado Administracion CONFIDENTIAL But this dosent seem to work, first of all the login page is not displayed and everyone seems to have access to the whole app. The if I try MedPro accessible by authenticated users of the DB role /* GET POST PUT DELETE Este rol tiene accesso ilimitado manager CONFIDENTIAL Then I get the login page but only the manager can access, and the rest cant. How can I make it work? Thanks. I have attached a file in case you want to see it more clearly. http://www.nabble.com/file/p21671743/sample.xml sample.xml -- View this message in context: http://www.nabble.com/Tomcat-and-jsecurity-help-tp21671743p21671743.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org