• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Paul Clapham
  • Bear Bibeault
  • Jeanne Boyarsky
Sheriffs:
  • Ron McLeod
  • Tim Cooke
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Jj Roberts
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • salvin francis
  • Scott Selikoff
  • fred rosenberger

Testing Authentication

 
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am reading Head First book and in the chapter of authentication. I want to test authentication for my already working application that I had developed while reading earlier chapters. I modified tomcat-users.xml and web.xml and used the same link to access the application that I used earlier. After making changes in those two xml files, according to the book, I should get the login page asking me for the user name and password. But I am directly going the application like before and tomcat doesn't ask for the password.
Please help me in identifying, where I am wrong or do I need to make more changes somewhere.

my tomcat-users.xml is


and web.xml is



Link to access the application is : http://localhost:8080/Beer-v1/form.html
and form.html is under webapps\Beer-v1

Nitin
 
Sheriff
Posts: 9674
42
Android Google Web Toolkit Hibernate IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Nitin you've not defined a web-resource-collection which will actually protect certain mapped URLs...
 
Ranch Hand
Posts: 163
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
the login mechanism is only initiated when you try to access a contrained resource.

So , in your application you have to declare servlet as the constrained resource.

Read about <security-constraint> and declare your servlet as constraine resource.
 
Nitin Kumar
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ankit & Parth,

After adding <security-constraint> and its sub-elements, it is indeed working. Thank you for your replies.

P.S: With firefox, I have to clear the cache after each successful login, otherwise it doesn't ask for the password. With IE it works fine.

Nitin
 
Parth Twari
Ranch Hand
Posts: 163
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Firefox has this feature . You can notice that in general internet use as well.

If you do not log out but close the gmail account tag and you can still open gmail logged in , in another tag.

But these are browser specific features you will not be tested on.
 
Oh, sure, you could do that. Or you could eat some pie. While reading this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic