I'm using form based authentication with tomcat. The relevant stuff to authentication is detailed below:
In the web.xml file associated with the web application in question:
<security-constraint>
<web-resource-collection>
<web-resource-name>WebQuery</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>query</role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/login_error.html</form-error-page>
</form-login-config>
</login-config>
The login page:
<html>
<head>
<title>WebQuery Login Page</title>
</head>
<body>
<form method="POST" action='j_security_check'>
<table width="100%" border="0">
<tr>
<td>
<div align="center"><img src="financial_reports.gif" width="600"
height="81" alt="Financial Summary Reports"><br>
<br>
<table width="587" border="0" class="tblbrdr" cellpadding="4"
cellspacing="0">
<tr>
<td width="27%"> <b>Username:</b></td>
<td colspan="2" width="73%"><input type="text"
name="j_username"></td>
</tr>
<tr>
<td width="27%"> <b>Password:</b></td>
<td colspan="2" width="73%"><input type="password"
name="j_password"></td>
</tr>
<tr>
<table width="587" border="0">
<tr>
<td>
<input type="submit" value="Login Now">
</td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</FORM>
</body>
</html>
tomcat-users.xml:
<tomcat-users>
<user name="mcrutcher" password="****" roles="admin"/>
</tomcat-users>
I think that this stuff is ok, but if you find anything let me know. If you want me to post the full code of the rest of the webapp I will, but I'm fairly convinced that something really wacky is going on with the authentication. I'm using Tomcat 4.0.
This problem just seemed to appear out of thin air. One day everyone was accessing the page with reasonable load times, the next day this wierdness showed up. I'm really dead in the
water until I figure this out, I'd really appreciate any help.
Michael Crutcher
Comment from mcrutcher
04/16/2003 10:30AM PST
I'm using form based authentication with tomcat. The relevant stuff to authentication is detailed below:
In the web.xml file associated with the web application in question:
<security-constraint>
<web-resource-collection>
<web-resource-name>WebQuery</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>query</role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/login_error.html</form-error-page>
</form-login-config>
</login-config>
The login page:
<html>
<head>
<title>WebQuery Login Page</title>
</head>
<body>
<form method="POST" action='j_security_check'>
<table width="100%" border="0">
<tr>
<td>
<div align="center"><img src="financial_reports.gif" width="600"
height="81" alt="Financial Summary Reports"><br>
<br>
<table width="587" border="0" class="tblbrdr" cellpadding="4"
cellspacing="0">
<tr>
<td width="27%"> <b>Username:</b></td>
<td colspan="2" width="73%"><input type="text"
name="j_username"></td>
</tr>
<tr>
<td width="27%"> <b>Password:</b></td>
<td colspan="2" width="73%"><input type="password"
name="j_password"></td>
</tr>
<tr>
<table width="587" border="0">
<tr>
<td>
<input type="submit" value="Login Now">
</td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</FORM>
</body>
</html>
tomcat-users.xml:
<tomcat-users>
<user name="mcrutcher" password="****" roles="admin"/>
</tomcat-users>
I think that this stuff is ok, but if you find anything let me know. If you want me to post the full code of the rest of the webapp I will, but I'm fairly convinced that something really wacky is going on with the authentication. I'm using Tomcat 4.0.
This problem just seemed to appear out of thin air. One day everyone was accessing the page with reasonable load times, the next day this wierdness showed up. I'm really dead in the water until I figure this out, I'd really appreciate any help.
Michael Crutcher