• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

request. get User Principal(). getName() do not retreive user name

 
Ranch Hand
Posts: 300
Eclipse IDE Oracle Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi in my application i want to secure my jsp pages, i dont want the pages to be viewed directly by copying the url in short i want to make them password protected unless a user sign in user cannot see the further pages, in order to achieve this i added security-constraint in my web.xml

web.xml


and my tomcat-users.xml



now when i log in the appliction with username admin i am unable to see the page http://loclhost:8080/BankBoard/secure/welcomepage.

also in my UserValidation Servlet when i try to print the username
System.out.print(request.getUserPrincipal().getName()) it does not display the username rather its a blank space also the if(request.isUserInRole("admin")) does not results true.

any suggestions please..

[ Edited to fix code tags - Paul Sturrock ]
[ October 07, 2008: Message edited by: Paul Sturrock ]
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What does "i am unable to see the page" mean? What response does the server return?

What does "request.getRemoteUser()" return?
 
carina caoor
Ranch Hand
Posts: 300
Eclipse IDE Oracle Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
when i enter the URL http://loclhost:8080/BankBoard/secure/welcomepage it says
"Internet Explorer cannot display the webpage

Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address. "

and it shows a blank line when i print System.out.println("the user name"+request.getUserPrincipal().getName()) it is not even showing the phrase "the username"

also the if loop is not validating to be true
if(request.isUserInRole("admin"))
System.out.println("admin");

it is not printing "admin" instead a blank line is shown..

request.getRemoteUser() prints null
[ October 07, 2008: Message edited by: ruquia tabassum ]
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Does the application work if you remove all the security stuff from web.xml?

I noticed that the <security-role> tag looks incomplete, or was that just a copy/paste mistake?
 
carina caoor
Ranch Hand
Posts: 300
Eclipse IDE Oracle Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
yeah it work fine if i remove all the security stuff
its a copy paste mistake

web.xml
[code]

<security-constraint>
<web-resource-collection>
<web-resource-name>admin</web-resource-name>
<url-pattern>/secure/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

</security-constraint>

<security-role>
<role-name>admin</role-name>
</security-role>
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You also have a login-config tag in the web.xml, correct? And HTTPS in general is working fine?
 
carina caoor
Ranch Hand
Posts: 300
Eclipse IDE Oracle Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
no i did not add a <login-config> element , the way its getting authenticated is once the user enters username and password and clicks LogOn button UserValidation Servlet authenticate the user credentials refering to the entries in the database.
The application is not working with HTTPS..with http://localhost:8080/BankBoard it shows login page
with https://localhost:8080/BankBoard it says
"Internet Explorer cannot display the webpage

Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address. "
[ October 07, 2008: Message edited by: ruquia tabassum ]
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Without a login-config element the other authentication tags won't take effect.

But it sounds anyway like you need to get HTTPS working first. See http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html for how to do that.
 
carina caoor
Ranch Hand
Posts: 300
Eclipse IDE Oracle Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My Https is working now ..
on accessing the page https://localhost:8443/BankBoard/secure/welcomepage
it says

"HTTP Status 403 - Access to the requested resource has been denied

type Status report

message Access to the requested resource has been denied

description Access to the specified resource (Access to the requested resource has been denied) has been forbidden."

where as https://localhost:8443/BankBoard displays the login page


[ October 07, 2008: Message edited by: ruquia tabassum ]
[ October 07, 2008: Message edited by: ruquia tabassum ]
 
carina caoor
Ranch Hand
Posts: 300
Eclipse IDE Oracle Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
a bit confused wether the user credentials entered are to be checked refering database or leave it on form based authentication which cheks it referring the tomcat-users.xml file?
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by ruquia tabassum:
a bit confused wether the user credentials entered are to be checked refering database or leave it on form based authentication which cheks it referring the tomcat-users.xml file?



That depends on how you have configured it in the server.xml file. Somewhere in it is a <Realm> element that specifies which realm implementation is used.
 
carina caoor
Ranch Hand
Posts: 300
Eclipse IDE Oracle Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
server.xml file contains the database realm
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>

actually i want my login page to give an alert message when there is a wrong username and password for that on clicking logon it makes ajax calls and the responsible servlet checks the credentials referring database, based on the servlet response i am directing the control either to welcome page or raising a popup.As welcome page is secure so i dont want the direct access to that page and i employed form based authentication... now whenever i try to acces the welcome page it gives me the unformatted login page with username and password fields scattered here and there.
please give me a clear picture of form based authentications...
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can make the login page anything you want (in terms of the HTML), but if you want to use AJAX calls for checking credentials, then that's not supported by the standard security built into the container.

You can use a database instead of the XML file by switching to some other realm, maybe JDBCRealm or DataSourceRealm. The Tomcat documentation explains how to set those up.
 
carina caoor
Ranch Hand
Posts: 300
Eclipse IDE Oracle Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i modified my server.xml file as
server.xml
[code]

<Realm className="org.apache.catalina.realm.JDBCRealm"
debug="99" driverName="net.sourceforge.jtds.jdbc.Driver"
connectionURL="jdbc:jtds:sqlserver://DCSRV02:1433/REGISTRATION_TEMP_LTR_PRINT;username=sa;password=water"
connectionName="sa" connectionPassword="water"
userTable="login1" userNameCol="loginname" userCredCol="password"
userRoleTable="loginuser" roleNameCol="role"
/>


and my Login.jsp which has flash contents,input fields..
Login.jsp
[code]
<BODY bgcolor="#ffffff" onlod="GetUserMachineName();">
<FORM METHOD="POST" NAME="homeform" action="j_security_check">
<div ID=firstbar > </div>
<div ID=secondbar >
<label ID=welcomelabel >
Welcome To BankBoard </label>
</div>

<label ID=enterlabel >
Enter Your Login Information and click LogOn </label>
<label ID=system >System</label>
<input ID=inputsystem type="text" name="system"><BR>

<label ID=uname >User Name</label>
<input ID=inputuname type="text" name="j_username"><BR>
<label ID=password >Password</label>
<input ID=inputpassword type="password" name="j_password">
<input type="submit" value="LogOn" ID=logon onclck="homeFieldValidation();" >

</FORM>


Now on accessing https://localhost:8443/BankBoard/ it has an achor tag that take to Login.jsp, on entering the credentials and clicking button LogOn it again shows the login page which is unformatted without flash contents input fields scattered with the link https://localhost:8443/BankBoard/secure/welcomepage in address bar.
[ October 08, 2008: Message edited by: ruquia tabassum ]
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic