Re: Tomcat with JBuilder: Basic authorization

Tue, 17 Apr 2007 04:14:49 -0700 

Hello !

First of all : maybe you should consider giving exception traces in english
! Because you know, I doubt that a lot of people here can speak Italian.
Yes, I know : your Tomcat and your JBuilder are in italian...





If i compile the web application into a .war and deploy on a standalone

tomcat, it just works, it asks me for user and pass of xx rule and let me
access it. If i run from JBuilder i get error:

org.apache.catalina.realm.JAASRealm authenticate
GRAVE: Unexpected error
java.lang.SecurityException: Impossibile trovare una configurazione di
login




It looks that Tomcat is unable to find its configuration file. And I'm not
surprised since the official doc (
http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howto.html)
says that you must tweak your
server.xml too. But maybe is it a JBuilder conf file ? I don't know, I'm
using Eclipse.







If i remove from web.xml the following part:


  <security-constraint>
    <display-name>Security Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>xx</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Protected Area</realm-name>
  </login-config>
  <security-role>
    <role-name>xx</role-name>
  </security-role>

then JBuilder will not throw the error.
Probably it ignores the tomcat-users.xml file in /conf/ dir?




No but since you  are removing the security constraint it  doesn't apply any
more ! :-) This line : <url-pattern>/*</url-pattern> means that you must be
logged in in order to access any ( /* ) page of your webapp. Remove this
and, in the opposite, you can freely browse through the app.






The strange thing is that if i remove auth part from web.xml, on JBuilder,

when i run it, the user/pass form still shows, but i just ignore it or click
cancel, and if i point with web browser to localhost:8080/xx i can access
succesfully.




See above. IMHO, the form still shows because it is the first page of your
app. Which is a requirement of Tomcat, AFAIK.






I think i gave u all the information needed to find the problem. Hope u can

get a solution for it, i can't figure how to solve from months :( Every time
i have to add/remove the auth part from web.xml either i'm debugging or
deploying: quite frustrating.

Thanks in advance.




HTH,

Pierre Goupil



--
A celle qui se souvient de chaque parole prononcée,
Du premier cri du bébé au serment du héros.
Tu es mon témoin éternel.

Reply via email to