Dear all,
I'm just finished with my little apps (4
jsp and 3
servlets !) and I am trying to implement a simple authentication procedure ...
After a quick look to my "HeadFirst Servlet & JSP" I decided to try a "standard" FORM authentication since it is depicted as a very mere job !
The problem is that whatever I put in my DD web.xml, the server let me access to my JSP and Servlets w/o any request for authentication.
In order to
test the server I tried the autentication example from
TomCat (/jsp-example/security/protected/) and it works fine ; I guess that the configuration file server.xml is correct.
Herebelow is my DD web.xml and my tomcat-users.xml.
Thanks for any hints from anywhere that could help me find what I've missed
Regards
Laurent
web.xml :
=============================
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns = "http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<servlet>
<servlet-name>Select Ordres</servlet-name>
<servlet-class>servlet.SelectOrdres</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Select Ordres</servlet-name>
<url-pattern>/SelectOrdres.do</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>MaJ DataBase</servlet-name>
<servlet-class>servlet.MajDataBase</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>MaJ DataBase</servlet-name>
<url-pattern>/MajDataBase.do</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Selection Ordres</servlet-name>
<servlet-class>servlet.SelectionOrdres</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Selection Ordres</servlet-name>
<url-pattern>/SelectionOrdres.do</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Statut Ordres</servlet-name>
<servlet-class>servlet.StatutOrdres</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Statut Ordres</servlet-name>
<url-pattern>/StatutOrdres.do</url-pattern>
</servlet-mapping>
<security-constraint>
<display-name>Tomcat Server Configuration Security Constraint</display-name>
<web-ressource-collection>
<web-ressource-name>UpdateStatut</web-ressource-name>
<url-pattern>/*.jsp</url-pattern>
<url-pattern>/*.do</url-pattern>
<url-pattern>/*.html</url-pattern>
</web-ressource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Tomcat Server Configuration Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>manager</role-name>
</security-role>
tomcat-users.xml :
==========================================================================<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin" description="Administration Tool users"/>
<role rolename="guest" description="affichage seulement"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="role1" fullName="role guest pour l'affichage"/>
<user username="lsalse" password="lsalse" fullName="Laurent SALSE" roles="admin,manager"/>
</tomcat-users>