• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Testing Authentication

 
Nitin Kumar
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am reading Head First book and in the chapter of authentication. I want to test authentication for my already working application that I had developed while reading earlier chapters. I modified tomcat-users.xml and web.xml and used the same link to access the application that I used earlier. After making changes in those two xml files, according to the book, I should get the login page asking me for the user name and password. But I am directly going the application like before and tomcat doesn't ask for the password.
Please help me in identifying, where I am wrong or do I need to make more changes somewhere.

my tomcat-users.xml is


and web.xml is



Link to access the application is : http://localhost:8080/Beer-v1/form.html
and form.html is under webapps\Beer-v1

Nitin
 
Ankit Garg
Sheriff
Posts: 9578
33
Android Google Web Toolkit Hibernate IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Nitin you've not defined a web-resource-collection which will actually protect certain mapped URLs...
 
Parth Twari
Ranch Hand
Posts: 163
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
the login mechanism is only initiated when you try to access a contrained resource.

So , in your application you have to declare servlet as the constrained resource.

Read about <security-constraint> and declare your servlet as constraine resource.
 
Nitin Kumar
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ankit & Parth,

After adding <security-constraint> and its sub-elements, it is indeed working. Thank you for your replies.

P.S: With firefox, I have to clear the cache after each successful login, otherwise it doesn't ask for the password. With IE it works fine.

Nitin
 
Parth Twari
Ranch Hand
Posts: 163
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Firefox has this feature . You can notice that in general internet use as well.

If you do not log out but close the gmail account tag and you can still open gmail logged in , in another tag.

But these are browser specific features you will not be tested on.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic