I am trying to practice about security. In Form based authentication on action="j_security_check" I get
The requested resource (/Form_auth_method/j_security_check) is not available.
Isn't the target j_security_check provided by the application server?
and I created a user, a password with an existing role in tomcat-users.xml .I it necessary to create the user in tomcat-users.xml?
Is there the necessity to configure the security-role on DD?I suppose i miss something...
thanks to your suggestion I wrote a <security-constraint>
on tomcat-users.xml I have more users with the role 'role1'
and despite writing on web.xml:
I can access to protected-page.jsp only using username=role1 or username=both, using other usernames and passwords I get the error.jsp..I created a new role consultant on tomcat-users.xml, added the security-role and the role-name, but couldn't access the same the protected-page.jsp, I don't know why...
you were right, I mixed up the tomcat-users.xml but now I added a new role to the right tomcat embeded into netbeans- old version 5.5.1- but it still doesn't work. It still works only for users with role="role1" that was already defined. Can I add rolenames to tomcat-users.xml?I also cannot understand why rolenames are not defined in tomcat but for example role1 works.
Shouldn't it be mandatory to define the rolenames for roles tomcat or role1 ?
Moreover on another IDE- netbeans 6.9.1 -I always get the the error page despite making the same configuration, working on 5.5.1 IDE.
No idea why...
Thank you once more
I downloaded your document and I'll follow your instructions(next reply).
Thank you for your help, sometimes I think this exam is a neverending one, but this forum encourages me to continue with the next chapter...
I followed the document step by step - do you think it is better not to write web.xml by hand?- and now on Netbeans 6.9.1 project SecurityExample I think to have the right configuration; I had a comment wrapping role entries -I didn't notice before, now I removed it but I get the error page regardless of the username and password I enter.Just for check I send the web.xml
I think there is no apparent reason for this problem.I have two tomcat versions but on the IDE I use tomcat 6.0.26.
I'll try on the old 5.5.1 version IDE.
Thank you very much for your clear document.
I followed the document step by step - do you think it is better not to write web.xml by hand?
No, it is better to write the web.xml by hand and it is also better to create your .war file by hand. That way you know it should be done in the world without IDE's (have a look at the following topic War by hand)
I verified your settings with mine and they are exactly the same. The only difference is the version of tomcat (5.5 vs 6.0). Have a look if that was the problem, otherwise try to follow the War by hand instruction and deploy it on the tomcat5.5 server. This should work
Just to be sure it is not the problem of the URL: what is the URL you are typing in? You are getting to the login.jsp, right?
at last I solved the mistery of the lost security!Unfortunatly it was not a true mistery, only the sum of my mistakes.I changed tomcat-users.xml once on catalina base once on catalina home, moreover on catalina base I had another comment wrapping role entries.Now I made all the changes on catalina base and everything works on both IDE versions.On the subject of these two system properties, I have only catalina_home between my environment variables, shouldn't I make a variable catalina_base?
Morever, is it right this definition I found on the web?
"The presence of those two properties is required only when you want to use multiple instances of Tomcat without having to install the software multiple times, and not wasting disk space.
The first properties (catalina.home) points to the location of the common information, while the other property (catalina.base) points to the directory where all the instance specific information are held."
If I'm using only one instance of tomcat inside the IDE, why changes on catalina_home didn't work?Why Netbeans IDE looks into the base directory by default?
Probably I'm still mixing it up???