Hi all, I want to implement form-based authentication in my web application. Referring to HFSJ chapter 12, I included the following in my DD:

    <security-role>
        <role-name>tomcat</role-name>
        <role-name>role1</role-name>
        <role-name>manager</role-name>
        <role-name>admin</role-name>
    </security-role>
May I know the meaning of "still not working"? It must show at least the log-on screen even though the <security-role> entries are incorrect. Does it not accept the username/password and go to the error page, or does it not show the log-on screen at all? Which version of Tomcat are you using?
Hi Narendra, initially I wasn't getting the login page, but it was my mistake in mentioning the <url-pattern>. But now I have corrected it, so I am getting the login page at least, but when I enter the authorised username and password it gives me the following error:

    HTTP Status 405 - HTTP method GET is not supported by this URL

Though I haven't used GET in any of the JSPs or servlets.
Hope you have made the changes to <security-role> in the DD and to the login form HTML as suggested by Chandra. As the browser is showing the login form (your HTML page), the auth mechanism is working correctly. Check your server log to see where it is throwing the error. In the testing environment we usually make a lot of changes in the DD, and multiple servlets/JSPs are configured in a single DD for different goals, so it is very difficult to analyse the problem. Try running it as a separate application.
If the <url-pattern> defined in your application points to a specific servlet/JSP, make sure that it defines both the GET and POST methods. When we type a URL in the browser URL window it is a GET request. But as per the security constraints defined in the DD only the POST method can access the URL.
To make the testing simple, remove the <http-method> from <web-resource-collection> and test it for all methods.
[ October 11, 2005: Message edited by: Narendra Dhande ]
Chandra and Narendra, thanks for your help. My problem is solved: I used a doGet() in my servlet class and in it called doPost(). It's working perfectly now. Also, Chandra, it isn't necessary to write the <role-name> entries separately in <security-role>.
Again, thanks to you both for helping me out.
Are you very sure that the auth mechanism is working perfectly without writing the <role-name> in <security-role> separately? As per the DD it must be separate. Are you getting the target servlet/JSP after authentication?
Yes, I am sure. You can also refer to HFSJ pg 632, ch 12.
I am using Tomcat 5.5 and the NetBeans IDE. When I try to validate, it shows me an error in the DD with composite entries of <security-role>. I do not have the H&F book. As per the specification it should be separate. I read somewhere in this forum about these entries in the errata of the H&F book that it should be separate.
On my installation, it shows the log-in page and then cannot authenticate the user/password if I use the <security-role> as you specified.
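For reference, a deployment descriptor fragment covering the two points discussed in this thread: one <security-role> element per role, and a <web-resource-collection> with no <http-method> so the constraint applies to every method. This is an added example, not code posted by anyone in the thread; the /secure/* pattern, the login.html and error.html page names, and the choice of admin and manager in <auth-constraint> are assumptions, while the role names are the ones from the first post.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example for a Servlet 2.4 container such as Tomcat 5.5.
     URL pattern and page names are assumed for illustration. -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected area</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
      <!-- No <http-method> elements here, so the constraint covers every
           HTTP method. Listing only <http-method>POST</http-method> would
           leave GET and all other methods on /secure/* unconstrained. -->
    </web-resource-collection>
    <auth-constraint>
      <!-- Several <role-name> entries are allowed inside <auth-constraint>. -->
      <role-name>admin</role-name>
      <role-name>manager</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <!-- login.html must POST j_username and j_password to j_security_check. -->
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/error.html</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Each <security-role> holds exactly one <role-name>. -->
  <security-role><role-name>tomcat</role-name></security-role>
  <security-role><role-name>role1</role-name></security-role>
  <security-role><role-name>manager</role-name></security-role>
  <security-role><role-name>admin</role-name></security-role>

</web-app>
```

The role names must also exist in the container's user store (conf/tomcat-users.xml in a default Tomcat installation) for authentication to succeed.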