I am trying to use the JDBC realm in my Tomcat web application and
it mostly works, but after logging into the application, Tomcat
sends the application's style.css file to my browser...
I am using Tomcat 5.0.16 on a Fedora Core 2 system. I have configured
the JDBC realm this way in conf/server.xml:
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="com.mysql.jdbc.Driver"
connectionURL="jdbc:mysql://localhost/authority"
connectionName="(REMOVED)" connectionPassword="(REMOVED)"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
In my application's web/WEB-INF/web.xml file, there is this:
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>Document Munger</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>docmungerUser</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Document Munger</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login-error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>
This role includes all users who are allowed to use
(but not administer) the service.
</description>
<role-name>docmungerUser</role-name>
</security-role>
The web/login.jsp file contains this:
<%@ include file="header.inc" %>
<FORM METHOD="POST" ACTION="j_security_check">
Username:<BR>
<INPUT TYPE="text" NAME="j_username"><BR>
Password:<BR>
<INPUT TYPE="password" NAME="j_password"><BR>
<INPUT TYPE="submit" VALUE="Log in">
</FORM>
<%@ include file="footer.inc" %>
The web/header.inc file contains this:
<HTML>
<HEAD>
<LINK REL="StyleSheet" HREF="style.css" TYPE="text/css">
<TITLE><%= siteTitle %></TITLE>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
</HEAD>
<BODY>
This is where the "style.css" filename comes from. There is indeed
a web/style.css file.
In the MySQL server, there is a "users" table that contains this:
+-----------+-----------+
| user_name | user_pass |
+-----------+-----------+
| george | (REMOVED) |
+-----------+-----------+
There is also a "user_roles" table:
+-----------+---------------+
| user_name | role_name |
+-----------+---------------+
| george | docmungerUser |
+-----------+---------------+
I use ant to install the application, then I send my browser (Galeon
1.3) to <http://localhost:8080/docmunger/>. The login form appears.
I enter "george" and the password, and click "Log in". Then my
browser displays the style.css file... The location field of the
browser now shows <http://localhost:8080/docmunger/style.css>.
The catalina_log.2004-06-16.txt file says "Username george
successfully authenticated".
If I now ask my browser to go to <http://localhost:8080/docmunger/>
again, then I finally reach the real front page of the application
(index.jsp).
If I remove the <LINK> line from web/header.inc and reload the
application, then the problem disappears: I don't see style.css
and I reach index.jsp right after logging in.
I restarted Tomcat just before retrying this entire scenario.
I also see nothing suspicious appear in the logs.
I'm puzzled. What could cause this behavior, and how does Tomcat
decide to send style.css?
--
Pierre Sarrazin <sarrazip at sympatico dot ca>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
