• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Devaka Cooray
  • Knute Snortum
  • Paul Clapham
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Bear Bibeault
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Ron McLeod
  • Piet Souris
  • Frits Walraven
  • Ganesh Patekar
  • Tim Holloway
  • salvin francis

How to provide security for web-application using UserDataSource through Apache server  RSS feed

Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi ,

I have a problem with web-security using tomcat. I have developed one web application and provide security for that.but it didn't work properly.
what i mean is i took 'manager' as one role and i declared username and password in tomcat-users.xml. but when access particular resource with in that application i is displaying one customized dialogue box(login.html) and asking userid and password for authentication.but when we enter valid credentials it still displaying "sorry , login failed" message.

Can someone help me on this.following is my code.


web.xml :

server.xml :

login.html :


Thanks in Advance,

Posts: 20721
Android Eclipse IDE Java Linux Redhat Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I cannot see anything obviously wrong, although trying to read that much information onscreen is not easy for me. It would be a good idea if you made your login and fail webpages be complete well-formed html (with <html;>, <head> and <body>) tags, but I don't think that's the actual problem.

As far as I can tell, the files are all configured properly, otherwise the login screen would not be displayed when you requested the ManagerAddDailyStatus.do URL. So the most likely thing to check after that is to make sure that the userid that Tomcat runs under is permitted to read the TOMCAT_HOME/conf/tomcat-users.xml file.

If you get really desperate, you can enable Tomcat's logging and see what it's actually doing, but usually it's not necessary to do that.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!