Craig, thank you for your very strong support in the past day or two to guide me through problems with the container-managed authentication.
I looked at my web.xml file again and again. There is nothing wrong with the order of the elements in that file. And there is no stack trace in the log files that talks about an XML parsing error. I did some experiments. I found that as long as I have the JDBCRealm in the $TOMCAT_HOME/conf/server.xml, the Tomcat does not accept <security-constraint> element in the application's web.xml file. And the Tomcat gives me "the required resouce /MyApplication is not availabel" HTTP Status 404. Have you seen this kind of problem before? I have posted the question at the tomcat-user discussion forum. --Caroline --- "Craig R. McClanahan" <[EMAIL PROTECTED]> wrote: > Caroline Jen wrote: > > >To answer your questions: > > > >1. The LOGON button links to a forward: > > <html:link forward="logon">LOGON</html:link> > > > > and in my struts-config.xml, I have > > > > <forward > > name="logon" > > path="/do/admin/Menu"/> > > > > > Well, that's the first problem ... security > constraints are only applied > on an original request from the client, not on a > forward. You'll need > to add redirect="true" to this, in order to get the > client to request it. > > >2. the <security-constraint> in my web-xml is: > > > > <security-constraint> > > <web-resource-collection> > > > ><web-resource-name>Administrative</web-resource-name> > > <!-- The URLs to protect --> > > <url-pattern>/do/admin/*</url-pattern> > > </web-resource-collection> > > <auth-constraint> > > <!-- The authorized users --> > > <role-name>administrator</role-name> > > <role-name>contributor</role-name> > > </auth-constraint> > > </security-constraint> > > > >By the way, there is another problem -- after the > >insertion of the <security-constraint>, the > >application totally stops functioning. No welcome > >page displayed. In the browser, I have > > > >HTTP Status 404 -/PracticeVersion > >description: The requested > resource(/PracticeVersion) > >is not availabe. > > > >and in the Tomcat log file, I have: > > > >LifecycleException: Container > >StandardContext[/PracticeVersion] has not been > started > > > > > That means you did not obey the required element > order in the web.xml > file. You'll undoubtedly see a stack trace in the > log files that talks > about an XML parsing error. > > The correct order is defined by the DTD for web.xml > files. Among other > places, you'll find a copy of the DTDs for Servlet > 2.2 and Servlet 2.3 > in the "lib" directory of your Struts distribution. > Open either > web_app_2_2.dtd or web_app_2_3.dtd (depending on > which version you're > using) and look for the line that starts <!ELEMENT > webapp ...>. The > list of element names in parentheses is the required > order for elements > in your own web.xml files. > > > > >Thereafter, I deleted the <security-constraint> > >element from the web.xml file. I have the welcome > >page displayed. After I click on the LOGON button > in > >the welcome page, the welcome page remains in the > >browser. The logon.jsp, which collects j-username, > >j_password, does not get displayed and > >http://localhost:8080/PracticeVersion/do/admin/Menu > >shows in the address bar. > > > > > Change your <forward> to add redirect="true" and put > the security > constraint in the correct order, and you should be > good to go. > > >--Caroline > > > Craig > > > > >--- "Craig R. McClanahan" <[EMAIL PROTECTED]> > wrote: > > > > > >>Caroline Jen wrote: > >> > >> > >> > >>>Thank you very much for the detailed explanation. > > >>>Yet, I still have hard time to make my > application > >>>work -- I am "able" to display the welcome page > (no > >>>problem). And I have > >>> > >>> > >>http://localhost:8080/PracticeVersion/do/Menu;jsessionid=0A6E76A8F3E849BC8DAAC45BFB72F72E > >> > >> > >>>in the address bar. > >>> > >>>However, after I click on the LOGON button in the > >>>welcome page, the welcome page > >>> > >>> > >>> > >>Where does this LOGON button submit to? If it > >>submits to > >>"j_security_check", you are doing this wrong. It > >>should submit to some > >>resource that is protected by a security > constraint. > >> > >> > >> > >>>remains in the browser. > >>>The logon.jsp, which collects j-username, > >>> > >>> > >>j_passwor, > >> > >> > >>>does not get displayed and > >>>http://localhost:8080/PracticeVersion/do/admin/Menu > >>>shows in the address bar. > >>> > >>>I do not know what went wrong. Could it be that > >>> > >>> > >>the > >> > >> > >>>JDBCRealm is not configured correctly? > >>> > >>>Because the LOGON button links to a forward: > >>><html:link forward="logon">LOGON</html:link> > >>> > >>>and in my struts-config.xml, I have > >>> > >>> <forward > >>> name="logon" > >>> path="/do/admin/Menu"/> > >>> > >>>The /do/admin/Menu is my protected resources. I > >>> > >>> > >>keep > >> > >> > >>>it unchanged. > >>> > >>> > >>> > >>> > >>It's only protected if it's listed in a > >><security-constraint> in web.xml. > >> > >> > >> > >>>1. I configured the Tomcat JDBCRealm and prepared > >>> > >>> > >>the > >> > >> > >>>users table, user-roles table according the > >>>instructions found at > >>> > >>> > >>http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html > >> > >> > >>> > >>> > >>> > >>> > >>Which Realm you use does not make any difference. > >> > >> > >> > >>>2. Because I want to use FORM based container > >>> > >>> > >>managed > === message truncated === __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
