On 20/08/2009 12:40, Dean Chester wrote:
By default realm i mean the one that is set up in the server.xml and it is a
JDBC Realm.
Which'll do for testing, but you should use a DataSourceRealm for
production.
p
Dean
On Thu, Aug 20, 2009 at 12:36 PM, Dean Chester<
dean.g.ches...@googlemail.com> wrote:
Sorry about that.
Yes i have a index page in the restricted area that has links to other
restricted jsps. The Logs are not reporting anything. How do you mean encode
your urls? I haven't set a time out in the web.xml file so its using the
default. The time between clicks is usually about 1-2 seconds. Here is some
of my web.xml file:
<security-constraint>
<web-resource-collection>
<web-resource-name>users</web-resource-name>
<url-pattern>/add/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>admin</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login-error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
I am using the default realm which i know works.
Dean
On Thu, Aug 20, 2009 at 12:19 PM, Pid<p...@pidster.com> wrote:
On 20/08/2009 11:55, Dean Chester wrote:
Sorry Tomcat 6.20, Red Hat Enterprise edition 4 i think. java 1.6. And i
mean once logged in i have to login again after clicking on a link in
the restricted area.
Dean
You don't need to reply-to-all, just to the list. I'm obviously on the
mailing list, so I'll get the message anyway - I don't need it twice.
/myapp/index.jsp
/myapp/secure/index.jsp
/myapp/secure/page2.jsp
So you're logging into the secure area, and trying to view, e.g. page2.jsp
from a link on the e.g. index.jsp page?
Do the logs have any errors in them?
If so, what are they?
Are you encoding all of the URLs properly?
How long between clicks?
What is the session timeout in your web.xml?
How have you defined the<security-constraint> in web.xml?
Which Realm are you using?
Perhaps you could post a little bit more information?
p
On Thu, Aug 20, 2009 at 11:23 AM, Pid<p...@pidster.com
<mailto:p...@pidster.com>> wrote:
On 20/08/2009 10:40, Dean Chester wrote:
Hi,
I've written my application using j_security_check yet i keep
having to log
in in the restricted area. Has anyone else experienced this?
Yep. I have to log in each time I want to use our app - it's a side
effect of implementing security.
Or is your question referring to a less vague and more specific issue?
Because it works with a small amount of JSPs and then when i
implement it all in to my
application it doesn't work.
I might need to warm up my Internet Telepathy(tm) without some more
information...
Where am i most likely going wrong?
Not telling us your Tomcat version, JVM version, OS version...
p
Thanks in advance
Dean
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
<mailto:users-unsubscr...@tomcat.apache.org>
For additional commands, e-mail: users-h...@tomcat.apache.org
<mailto:users-h...@tomcat.apache.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
