Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > Java Application

Reply
Thread Tools

Java Application

 
 
Scott
Guest
Posts: n/a
 
      02-25-2013
I am trying to create a web application called hotdotcom. It is an example from Hall’s Core Servlets and JavaServer Pages Volume 2: Advanced Technologies - Second Edition. It is found in Chapter 3: Declarative Security – 3.1 Form-Based Authentication.

The web application uses container-managed security: From-based. The web.xml is below. I am running Tomcat 3.3.1 on my PC. When I click a protected URL I receive the login form just fine, but when I fill it out I am always sent to my login-error.jsp page. I have added four users to Tomcat’s <install_dir>conf/tomcat-users.xml file. (Also below)

I receive the following statement in the Tomcat log:
2013-02-25 08:30:22 - Http10Interceptor: Starting on 8080
2013-02-25 08:30:22 - Ajp12Interceptor: Starting on 8007
2013-02-25 08:30:22 - Ajp13Interceptor: Starting on 8009
EmbededTomcat: Startup time 56
2013-02-25 08:31:46 - SessionIdGenerator: Created random class java.security.Sec
ureRandom
2013-02-25 08:31:59 - Ctx(/hotdotcom) : From login without a session

web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">

<web-app>

<!-- Disable the invoker servlet -->
<servlet>
<servlet-name>NoInvoker</servlet-name>
<servlet-class>coreservlets.NoInvokerServlet</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>NoInvoker</servlet-name>
<url-pattern>/servlet/*</url-pattern>
</servlet-mapping>

<!-- If the URL (submitted by the client) gives a directory but no filename, try index.jsp first and
index.html second. If neither is found, the result is server specific (e.g., a directory listing). -->
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
</welcome-file-list>

<!-- Propect everyting within the "investing" directory -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Investing</web-resource-name>
<url-pattern>/investing/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>registered-user</role-name>
<role-name>administrator</role-name>
</auth-constraint>
</security-constraint>

<!-- Tell the server to use form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/admin/login.jsp</form-login-page>
<form-error-page>/admin/login-error.jsp</form-error-page>
</form-login-config>
</login-config>

<!-- Declare security roles used in this application.-->
<security-role>
<role-name>administrator</role-name>
</security-role>
<security-role>
<role-name>registered-user</role-name>
</security-role>

</web-app>

tomcat-users.xml
<tomcat-users>

<!-- 2/4/2013 SDU Added on 2/4/2013 -->
<role rolename="registered-user" />
<role rolename="administrator" />

<user name="john" password="nhoj" roles="registered-user" />
<user name="jane" password="enaj" roles="registered-user" />
<user name="juan" password="nauj" roles="administrator" />
<user name="juana" password="anauj" roles="administrator,registered-user" />

<!-- Original contents of tomcat-users.xml-->

<user name="tomcat" password="tomcat" roles="tomcat" />
<user name="role1" password="tomcat" roles="role1" />
<user name="both" password="tomcat" roles="tomcat,role1" />
</tomcat-users>
 
Reply With Quote
 
 
 
 
Arne Vajhøj
Guest
Posts: n/a
 
      02-26-2013
On 2/25/2013 11:49 AM, Scott wrote:
> I am trying to create a web application called hotdotcom. It is an
> example from Hall’s Core Servlets and JavaServer Pages Volume 2:
> Advanced Technologies - Second Edition. It is found in Chapter 3:
> Declarative Security – 3.1 Form-Based Authentication.
>
> The web application uses container-managed security: From-based. The
> web.xml is below. I am running Tomcat 3.3.1 on my PC. When I click a
> protected URL I receive the login form just fine, but when I fill it out
> I am always sent to my login-error.jsp page. I have added four users to
> Tomcat’s <install_dir>conf/tomcat-users.xml file. (Also below)
>
> I receive the following statement in the Tomcat log:
> 2013-02-25 08:30:22 - Http10Interceptor: Starting on 8080
> 2013-02-25 08:30:22 - Ajp12Interceptor: Starting on 8007
> 2013-02-25 08:30:22 - Ajp13Interceptor: Starting on 8009
> EmbededTomcat: Startup time 56
> 2013-02-25 08:31:46 - SessionIdGenerator: Created random class java.security.Sec
> ureRandom
> 2013-02-25 08:31:59 - Ctx(/hotdotcom) : From login without a session


You should have a lot more log in the two log files produced by Tomcat.

> tomcat-users.xml
> <tomcat-users>
>
> <!-- 2/4/2013 SDU Added on 2/4/2013 -->
> <role rolename="registered-user" />
> <role rolename="administrator" />
>
> <user name="john" password="nhoj" roles="registered-user" />
> <user name="jane" password="enaj" roles="registered-user" />
> <user name="juan" password="nauj" roles="administrator" />
> <user name="juana" password="anauj" roles="administrator,registered-user" />
>
> <!-- Original contents of tomcat-users.xml-->
>
> <user name="tomcat" password="tomcat" roles="tomcat" />
> <user name="role1" password="tomcat" roles="role1" />
> <user name="both" password="tomcat" roles="tomcat,role1" />
> </tomcat-users>


I am wondering whether the reference to two not defined
roles may cause problems.

Could you try fix that?

Arne

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
hey i am just started java,, can anyone tell me the use ,application, why java , importance of java.. manish sahu Java 3 02-14-2008 12:00 AM
Manipulating a Third-Party Java Application from another Java Application travis.troyer@gmail.com Java 6 04-10-2007 05:43 AM
How to tell if a java application was invoked with 'java' or 'javaw' Michael Java 4 11-10-2004 08:20 PM
Connect using Java RMI to a running Java Application vnssoftware Java 0 08-12-2004 04:51 PM
How can I pass "-verbosegc" to a java application which is launched by "Java Web Start" Willi Sanders Java 0 11-25-2003 11:58 AM



Advertisments