This week's book giveaway is in the General Computing forum.
We're giving away four copies of Learning Regular Expressions and have Ben Forta on-line!
See this thread for details.
Win a copy of Learning Regular Expressions this week in the General Computing forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Liutauras Vilda
  • Campbell Ritchie
  • Tim Cooke
  • Bear Bibeault
  • Devaka Cooray
Sheriffs:
  • Jeanne Boyarsky
  • Knute Snortum
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Ganesh Patekar
  • Stephan van Hulst
  • Pete Letkeman
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Ron McLeod
  • Vijitha Kumara

Problem with secure connection and Form Based Authentication  RSS feed

 
Ranch Hand
Posts: 1026
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


Firefox can't establish a connection to the server at localhost:8443.



Message that I am getting when I try to establish a secure a connection with
Form based authentication

Here is my code



Scenario-II

I am executing the application without <user-data-constraint> element
in web.xml file. The servlet which is refered by ["Beer/AddRecipe/*"] has
both GET and POST method implementations. I don't understand why the GET
implementation is being invoked when I provide the correct username/password
in custom login page.

Kindly guide me.

[ December 14, 2005: Message edited by: Vishnu Prakash ]
[ December 14, 2005: Message edited by: Vishnu Prakash ]
 
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Which servlet container are you using? Have you configured it to use SSL?
 
Vishnu Prakash
Ranch Hand
Posts: 1026
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am using tomcat 5. I didn't configure with SSL.

I appreciate if you help me with a tutorial/link to start with SSL.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You need to configure SSL and enable SSL on port 8443 before you can use it. This happens in the <tomcat_home>/conf/server.xml file.

A good HOWTO is on the tomcat site:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
 
Vishnu Prakash
Ranch Hand
Posts: 1026
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No problems, tell us how you go.
 
Vishnu Prakash
Ranch Hand
Posts: 1026
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


I am executing the application without <user-data-constraint> element
in web.xml file.



Request Header for a constrained Resource


POST /SecurityCheck/Beer/AddRecipe/* HTTP/1.1



Response Header for a constrained Resource


HTTP/1.x 200 OK



But the server is supposed to issue a 401 Unauthorized response here. This happens only when I use <auth-method> as FORM. I tried with BASIC, for which I received a 401 Unauthorized response.


The servlet which is refered by ["Beer/AddRecipe/*"] has both GET and POST method implementations. I don't understand why the GET implementation is being invoked when I provide the correct username/password.



I found the answer for this.

Excerpt from w3.org


Note: However, most existing user agent implementations treat 302 as if it were a 303 response, performing a GET on the Location field-value regardless
of the original request method.

 
Vishnu Prakash
Ranch Hand
Posts: 1026
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


No problems, tell us how you go.



Not smooth.

After all those configuration chages in server.xml and creating my own certificate using keytool I am able to switch from http to https.

I face two problems after the protocol transfer.

1. since I had configured FORM based authentication once the protocol switch has been made the server is to supposed to send a 401 Unauthorized response since the requested resource is constrained resource which is configured in <security-constraint>. But this not happening. Server directly serves the request. I tried even with <auth-method>BASIC</auth-method>. No use.

If this works fine then

2. How to switch back to http after the credentials are authenticated against the login user data configured in the server.[tomcat_users.xml]
 
Vishnu Prakash
Ranch Hand
Posts: 1026
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there anyone who has worked in declarative security/Form based Authentication.

can anyone point me to good resource on this subject.
 
Don't get me started about those stupid light bulbs.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!