On 20 Mar 2012, at 00:43, Martin Gainty <mgai...@hotmail.com> wrote: > > i would make sure you're welcome-file and form-login-page and url-pattern are > all located in the same spot
And that's an example of why people shouldn't listen to your advice, which is wrong (again). > <welcome-file>/WEB-INF/x/login.jsp</welcome-file> Never do the above. > <form-login-page>/WEB-INF/x/login.jsp</form-login-page> The above is what I said. > <url-pattern>/WEB-INF/x/suites.jsp</url-pattern> This is nonsense. Answers on a postcard as to why. > any reason why you're placing your jsps under WEB-INF instead of in the usual > location of webapps/webAppName? a) they're the login form/error page and aren't supposed to be accessed directly. b) because that's a good place to put views that are forwarded to by a controller, and aren't otherwise supposed to be accessed directly. p > > Martin > ______________________________________________ > Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité > > Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger > sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung > oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich > dem Austausch von Informationen und entfaltet keine rechtliche > Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen > wir keine Haftung fuer den Inhalt uebernehmen. > Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le > destinataire prévu, nous te demandons avec bonté que pour satisfaire informez > l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci > est interdite. Ce message sert à l'information seulement et n'aura pas > n'importe quel effet légalement obligatoire. Étant donné que les email > peuvent facilement être sujets à la manipulation, nous ne pouvons accepter > aucune responsabilité pour le contenu fourni. > > >> From: neilmu...@gmail.com >> Date: Mon, 19 Mar 2012 10:35:54 +0000 >> Subject: Re: Tomcat, JSP and LDAP >> To: users@tomcat.apache.org >> >> On 18 March 2012 18:04, Pid <p...@pidster.com> wrote: >>> On 18/03/2012 13:34, Neil Munro wrote: >>> >>> <snip> >>> >>>> As for moving my login and fail_login jsp to web-inf the pages could not be >>>> located and a had a go working in the web.xml file pointing to a path >>>> relative to /../web-inf/ or similar, I shall try again but I did try your >>>> suggestion and will try again just to ensure I didn't simply make a typo. >>> >>> WEB-INF not web-inf. >>> >>> This will work: >>> >>> <!-- uses form-based authentication --> >>> <login-config> >>> <auth-method>FORM</auth-method> >>> <form-login-config> >>> <form-login-page>/WEB-INF/x/login.jsp</form-login-page> >>> <form-error-page>/WEB-INF/x/fail_login.jsp</form-error-page> >>> </form-login-config> >>> </login-config> >>> >>> Substitute the 'x' for the directory of your choice. >>> >>> >>> p >> >> This is the layout of my web.xml file: >> >> <?xml version="1.0" encoding="ISO-8859-1"?> >> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web >> Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> >> >> <web-app version="2.4"> >> <display-name>Regressions Web GUI: V2</display-name> >> <description>A Web GUI for RIP regression test results: Version >> 2.</description> >> >> <welcome-file-list> >> <welcome-file>/WEB-INF/login/login.jsp</welcome-file> >> </welcome-file-list> >> >> <!-- LDAP stuff, hopefully! --> >> <security-constraint> >> <web-resource-collection> >> <web-resource-name>Public Area</web-resource-name> >> <!-- Define the context-relative URL(s) to be protected --> >> <!--url-pattern/jsp/*/url-pattern--> >> </web-resource-collection> >> <auth-constraint> >> <!-- Anyone with one of the listed roles may access this area --> >> <role-name>my company users</role-name> >> </auth-constraint> >> </security-constraint> >> >> <security-constraint> >> <web-resource-collection> >> <web-resource-name>Protected Area</web-resource-name> >> <!-- Define the context-relative URL(s) to be protected --> >> <url-pattern>/WEB-INF/login/suites.jsp</url-pattern> >> <url-pattern>/WEB-INF/login/login.jsp</url-pattern> >> <url-pattern>/WEB-INF/login/fail_login.jsp</url-pattern> >> </web-resource-collection> >> <auth-constraint> >> <!-- Anyone with one of the listed roles may access this area --> >> <role-name>my company users</role-name> >> </auth-constraint> >> </security-constraint> >> >> <!-- uses form-based authentication --> >> <login-config> >> <auth-method>FORM</auth-method> >> <form-login-config> >> <form-login-page>/WEB-INF/login/login.jsp</form-login-page> >> <form-error-page>/WEB-INF/login/fail_login.jsp</form-error-page> >> </form-login-config> >> </login-config> >> >> <!-- Security roles referenced by this web application --> >> <security-role> >> <role-name>my company users</role-name> >> </security-role> >> </web-app> >> >> There is a login directory under WEB-INF with the files inside it, but >> I just get a 404 error when I try to access the pages that way, I >> don't understand how this format works, if /login.jsp refers to the >> login.jsp file located under the jsp directory, how does /WEB-INF mean >> the WEB-INF directory at the same level as jsp and not a directory >> inside jsp called WEB-INF? >> >> I have been informed there's a global user in the system that can be >> used to make the initial connection, so my realm config looks like >> this now: >> <Realm className="org.apache.catalina.realm.JNDIRealm" >> connectionName="uid=connectuser,ou=my company >> users,dc=mycompany,dc=com" >> connectionPassword="parliament" >> connectionURL="ldap://my.ldap.server" >> alternateURL="ldap://my.ldap.server" >> userBase="ou=my company users,dc=mycompany,dc=com" >> userSearch="(sAMAccountName={0})" >> userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" >> userPassword="userpassword" >> roleBase="ou=my company users,dc=mycompany,dc=com" >> roleSubtree="true" >> roleName="cn" >> roleSearch="(uniqueMember={0})" >> /> >> >> By working what I mean is that with the connection user in place, I >> get a list of users populating the selection box in the html page so >> the query runs and returns what I expect it to, but I still cannot get >> the system to verify a user and take them to a page inside the web >> app. >> >> I have appended the logging level line and done as you suggested, here >> is the log output: >> >> >> 2012-03-19 10:24:04 Commons Daemon procrun stderr initialized >> Mar 19, 2012 10:24:05 AM org.apache.catalina.core.AprLifecycleListener init >> INFO: The APR based Apache Tomcat Native library which allows optimal >> performance in production environments was not found on the >> java.library.path: <removed for space reasons> >> Mar 19, 2012 10:24:05 AM org.apache.coyote.http11.Http11Protocol init >> INFO: Initializing Coyote HTTP/1.1 on http-80 >> Mar 19, 2012 10:24:05 AM org.apache.catalina.startup.Catalina load >> INFO: Initialization processed in 352 ms >> Mar 19, 2012 10:24:05 AM org.apache.catalina.core.StandardService start >> INFO: Starting service Catalina >> Mar 19, 2012 10:24:05 AM org.apache.catalina.core.StandardEngine start >> INFO: Starting Servlet Engine: Apache Tomcat/6.0.35 >> Mar 19, 2012 10:24:05 AM org.apache.catalina.realm.RealmBase init >> FINE: Register Realm Catalina:type=Realm,realmPath=/realm0 >> Mar 19, 2012 10:24:05 AM org.apache.catalina.startup.HostConfig >> deployDescriptor >> INFO: Deploying configuration descriptor host-manager.xml >> Mar 19, 2012 10:24:05 AM org.apache.catalina.startup.HostConfig >> deployDescriptor >> INFO: Deploying configuration descriptor manager.xml >> Mar 19, 2012 10:24:05 AM org.apache.catalina.startup.HostConfig deployWAR >> INFO: Deploying web application archive regressions.war >> Mar 19, 2012 10:24:05 AM org.apache.catalina.startup.HostConfig >> deployDirectory >> INFO: Deploying web application directory docs >> Mar 19, 2012 10:24:05 AM org.apache.catalina.startup.HostConfig >> deployDirectory >> INFO: Deploying web application directory examples >> Mar 19, 2012 10:24:05 AM org.apache.catalina.startup.HostConfig >> deployDirectory >> INFO: Deploying web application directory ROOT >> Mar 19, 2012 10:24:05 AM org.apache.coyote.http11.Http11Protocol start >> INFO: Starting Coyote HTTP/1.1 on http-80 >> Mar 19, 2012 10:24:05 AM org.apache.jk.common.ChannelSocket init >> INFO: JK: ajp13 listening on /0.0.0.0:8009 >> Mar 19, 2012 10:24:05 AM org.apache.jk.server.JkMain start >> INFO: Jk running ID=0 time=0/19 config=null >> Mar 19, 2012 10:24:05 AM org.apache.catalina.startup.Catalina start >> INFO: Server startup in 668 ms >> Mar 19, 2012 10:24:10 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against >> GET / --> false >> Mar 19, 2012 10:24:10 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' >> against GET / --> false >> Mar 19, 2012 10:24:10 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against >> GET / --> false >> Mar 19, 2012 10:24:10 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' >> against GET / --> false >> Mar 19, 2012 10:24:10 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against >> GET / --> false >> Mar 19, 2012 10:24:10 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' >> against GET / --> false >> Mar 19, 2012 10:24:10 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against >> GET / --> false >> Mar 19, 2012 10:24:10 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' >> against GET / --> false >> Mar 19, 2012 10:24:10 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: No applicable constraint located >> Mar 19, 2012 10:24:11 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against >> GET / --> false >> Mar 19, 2012 10:24:11 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' >> against GET / --> false >> Mar 19, 2012 10:24:11 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against >> GET / --> false >> Mar 19, 2012 10:24:11 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' >> against GET / --> false >> Mar 19, 2012 10:24:11 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against >> GET / --> false >> Mar 19, 2012 10:24:11 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' >> against GET / --> false >> Mar 19, 2012 10:24:11 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against >> GET / --> false >> Mar 19, 2012 10:24:11 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' >> against GET / --> false >> Mar 19, 2012 10:24:11 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: No applicable constraint located >> >> >> It looks to me (admittedly no expert) that it's unable to find >> something, I presume that with me using files stored in WEB-INF/login >> and getting a 404 error that this is all related. I moved the files >> from WEB-INF/login back to JSP and tried again getting this: >> >> 2012-03-19 10:28:41 Commons Daemon procrun stderr initialized >> Mar 19, 2012 10:28:42 AM org.apache.catalina.core.AprLifecycleListener init >> INFO: The APR based Apache Tomcat Native library which allows optimal >> performance in production environments was not found on the >> java.library.path: <removed for space reasons> >> Mar 19, 2012 10:28:42 AM org.apache.coyote.http11.Http11Protocol init >> INFO: Initializing Coyote HTTP/1.1 on http-80 >> Mar 19, 2012 10:28:42 AM org.apache.catalina.startup.Catalina load >> INFO: Initialization processed in 353 ms >> Mar 19, 2012 10:28:42 AM org.apache.catalina.core.StandardService start >> INFO: Starting service Catalina >> Mar 19, 2012 10:28:42 AM org.apache.catalina.core.StandardEngine start >> INFO: Starting Servlet Engine: Apache Tomcat/6.0.35 >> Mar 19, 2012 10:28:42 AM org.apache.catalina.realm.RealmBase init >> FINE: Register Realm Catalina:type=Realm,realmPath=/realm0 >> Mar 19, 2012 10:28:42 AM org.apache.catalina.startup.HostConfig >> deployDescriptor >> INFO: Deploying configuration descriptor host-manager.xml >> Mar 19, 2012 10:28:42 AM org.apache.catalina.startup.HostConfig >> deployDescriptor >> INFO: Deploying configuration descriptor manager.xml >> Mar 19, 2012 10:28:42 AM org.apache.catalina.startup.HostConfig deployWAR >> INFO: Deploying web application archive regressions.war >> Mar 19, 2012 10:28:42 AM org.apache.catalina.startup.HostConfig >> deployDirectory >> INFO: Deploying web application directory docs >> Mar 19, 2012 10:28:42 AM org.apache.catalina.startup.HostConfig >> deployDirectory >> INFO: Deploying web application directory examples >> Mar 19, 2012 10:28:42 AM org.apache.catalina.startup.HostConfig >> deployDirectory >> INFO: Deploying web application directory ROOT >> Mar 19, 2012 10:28:43 AM org.apache.coyote.http11.Http11Protocol start >> INFO: Starting Coyote HTTP/1.1 on http-80 >> Mar 19, 2012 10:28:43 AM org.apache.jk.common.ChannelSocket init >> INFO: JK: ajp13 listening on /0.0.0.0:8009 >> Mar 19, 2012 10:28:43 AM org.apache.jk.server.JkMain start >> INFO: Jk running ID=0 time=0/14 config=null >> Mar 19, 2012 10:28:43 AM org.apache.catalina.startup.Catalina start >> INFO: Server startup in 659 ms >> Mar 19, 2012 10:28:53 AM org.apache.catalina.startup.HostConfig >> checkResources >> INFO: Undeploying context [/regressions] >> Mar 19, 2012 10:28:53 AM org.apache.catalina.startup.HostConfig deployWAR >> INFO: Deploying web application archive regressions.war >> Mar 19, 2012 10:28:55 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against >> GET //login.jsp --> false >> Mar 19, 2012 10:28:55 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' >> against GET //login.jsp --> false >> Mar 19, 2012 10:28:55 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against >> GET //login.jsp --> false >> Mar 19, 2012 10:28:55 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' >> against GET //login.jsp --> false >> Mar 19, 2012 10:28:55 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against >> GET //login.jsp --> false >> Mar 19, 2012 10:28:55 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' >> against GET //login.jsp --> false >> Mar 19, 2012 10:28:55 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against >> GET //login.jsp --> false >> Mar 19, 2012 10:28:55 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' >> against GET //login.jsp --> false >> Mar 19, 2012 10:28:55 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: No applicable constraint located >> Mar 19, 2012 10:28:56 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against >> GET /css/button.png --> false >> Mar 19, 2012 10:28:56 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' >> against GET /css/button.png --> false >> Mar 19, 2012 10:28:56 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against >> GET /css/button.png --> false >> Mar 19, 2012 10:28:56 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' >> against GET /css/button.png --> false >> Mar 19, 2012 10:28:56 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against >> GET /css/button.png --> false >> Mar 19, 2012 10:28:56 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' >> against GET /css/button.png --> false >> Mar 19, 2012 10:28:56 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against >> GET /css/button.png --> false >> Mar 19, 2012 10:28:56 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' >> against GET /css/button.png --> false >> Mar 19, 2012 10:28:56 AM org.apache.catalina.realm.RealmBase >> findSecurityConstraints >> FINE: No applicable constraint located >> Mar 19, 2012 10:29:13 AM org.apache.coyote.http11.Http11Protocol pause >> INFO: Pausing Coyote HTTP/1.1 on http-80 >> Mar 19, 2012 10:29:14 AM org.apache.catalina.core.StandardService stop >> INFO: Stopping service Catalina >> Mar 19, 2012 10:29:14 AM org.apache.catalina.realm.RealmBase destroy >> FINE: unregistering realm Catalina:type=Realm,realmPath=/realm0 >> Mar 19, 2012 10:29:14 AM org.apache.coyote.http11.Http11Protocol destroy >> INFO: Stopping Coyote HTTP/1.1 on http-80 >> >> I can see that since I no longer get a 404 error and that the files >> are being listed now that I was correct in that files were not being >> found for whatever reasons, however I was dedirected back to the >> failed login page after trying to access the suites.jsp page. I don't >> see anything in the log about failing to authenticate a user or >> anything like that. >> >> I am guessing that perhaps the passwords are not being checked or sent >> correctly for authentication, I know that sometimes tomcat doesn't >> allow plain text passwords, but I am more tempted to think that >> perhaps I still have a misconfigured server.xml file to check the >> entered details. >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org