Unauthorized Access Error - login authentication (FORM Based)
Hi,
I have configured my application for login authentication (FORM based) using jakarta-tomcat-5.0.28 (Eclipse 3.1). With my configuration I don't have any issue getting to the login page, but upon keying in the user ID and password, it gets authenticated and immediately redirects to the unauthorized.html page, which is defined as the unauthorized error page in the application web.xml. I don't see any error in the log files, and the user has been given full rights to all the resources.
I'm using j_security_check to authenticate my system login, and my application code is as follows:
String encodedSecurityURL = "/j_security_check";
javax.servlet.RequestDispatcher rd=this.getServletContext().getRequestDispatcher( encodedSecurityURL );
rd.forward( request, response );
Any help is very much appreciated!!!!
How to solve this authorization issue!!!!
J2ee_login.jsp
<html>
<%@ taglib uri="/taglib_edelivery.tld" prefix="j2ee" %>
<%@ taglib uri="taglib_cst" prefix="util" %>
<%@ page language="java" buffer="8kb" autoFlush="true" %>
<%@ page errorPage="errorpage.jsp" %>
<head>
<title>
j2ee_login
</title>
</head>
<script language="javascript">
function init( )
{
document.forms.myform.submit();
}
</script>
<body onload="init()">
<form name="myform" method="post" action="j_security_check">
<input type="HIDDEN" name="j_username" value="<%=request.getAttribute("tempusername")%>">
<input type="HIDDEN" name="j_password" value="<%=request.getAttribute("temppassword")%>">
</form>
</body>
</html>
Web.xml: (from my application)
--
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
Other tags ...
<security-constraint>
<web-resource-collection>
<web-resource-name>Private</web-resource-name>
<description>Everything in the /private directory needs to be bound into this role.</description>
<url-pattern>/requestmappings.xml</url-pattern>
<url-pattern>/private/admin/*</url-pattern>
<url-pattern>/private/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>noone</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>MainServlet</web-resource-name>
<url-pattern>/MainServlet/*</url-pattern>
<url-pattern>/private/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/LoginMainServlet/Login</form-login-page>
<form-error-page>/AuthError.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>This role should not be mapped to any users or groups. It is used for web resources that shouldn't be accessed directly.</description>
<role-name>noone</role-name>
</security-role>
<security-role>
<description>Users of the CST application. This role should be mapped to all groups that are allowed to login.</description>
<role-name>user</role-name>
</security-role>
Other tags ...
</web-app>
Server.xml : (tomcat /conf folder)
--
<Server port="8005" shutdown="SHUTDOWN" debug="0">
<GlobalNamingResources>
<!-- Used by Manager webapp -->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved">
</Resource>
<ResourceParams name="UserDatabase">
<parameter>
<name>factory</name>
<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
</parameter>
<parameter>
<name>pathname</name>
<value>conf/tomcat-users.xml</value>
</parameter>
</ResourceParams>
</GlobalNamingResources>
<!-- Define the Tomcat Stand-Alone Service -->
<Service name="Tomcat-Standalone">
<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
<Connector
port="8080" minProcessors="5" maxProcessors="75"
enableLookups="true" redirectPort="8443"
acceptCount="100" debug="0" connectionTimeout="20000"
useURIValidationHack="false" disableUploadTimeout="true" />
<!-- Define the top level container in our container hierarchy -->
<Engine name="Standalone" defaultHost="localhost" debug="0">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" />
<!-- Define the default virtual host -->
<Host name="localhost" debug="0" appBase="" unpackWARs="false" autoDeploy="false">
<Context path="/cst" docBase="D:/EPS/EB_CST_v3.7.2/dev/src/cst/web" debug="1" reloadable="true" crossContext="true"/>
<Context path="/cst-static" docBase="D:/EPS/EB_CST_v3.7.2/dev/src/cst/web-static" debug="1" reloadable="true" crossContext="true"/>
<Logger className="org.apache.catalina.logger.SystemOutLogger" />
</Host>
</Engine>
</Service>
</Server>
tomcat-users.xml: (tomcat /conf folder)
--
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="user"/>
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="cst" password="cst" roles="user"/>
<user username="w951jq9" password="starter01" roles="user"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
</tomcat-users>
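A configuration check for the files posted above, as an added example that is not part of the original post: it lists every `url-pattern` declared under more than one `security-constraint`, with the roles each constraint names, and every constrained role that no user in `tomcat-users.xml` holds. The function names are hypothetical, the embedded XML is a trimmed copy of the posted files with passwords replaced, and the parser assumes a descriptor without an XML namespace (DTD-style 2.2/2.3 `web.xml`).

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Trimmed copies of the posted web.xml and tomcat-users.xml; passwords replaced.
WEB_XML = """<web-app>
 <security-constraint>
  <web-resource-collection>
   <url-pattern>/requestmappings.xml</url-pattern>
   <url-pattern>/private/admin/*</url-pattern>
   <url-pattern>/private/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>noone</role-name></auth-constraint>
 </security-constraint>
 <security-constraint>
  <web-resource-collection>
   <url-pattern>/MainServlet/*</url-pattern>
   <url-pattern>/private/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>user</role-name></auth-constraint>
 </security-constraint>
</web-app>"""
USERS_XML = """<tomcat-users>
 <user username="cst" password="REDACTED" roles="user"/>
 <user username="both" password="REDACTED" roles="tomcat,role1"/>
</tomcat-users>"""

def roles_by_pattern(web_xml):
    """Map each url-pattern to a list of role sets, one per constraint naming it."""
    out = defaultdict(list)
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        roles = frozenset(r.text.strip() for r in sc.iter("role-name"))
        for p in sc.iter("url-pattern"):
            out[p.text.strip()].append(roles)
    return dict(out)

def overlapping_patterns(web_xml):
    """Patterns that appear under more than one security-constraint."""
    return {p: rs for p, rs in roles_by_pattern(web_xml).items() if len(rs) > 1}

def unmapped_roles(web_xml, users_xml):
    """Roles named in auth-constraints that no user in tomcat-users.xml holds."""
    held = set()
    for u in ET.fromstring(users_xml).iter("user"):
        held.update(r.strip() for r in u.get("roles", "").split(",") if r.strip())
    used = set().union(*(rs for sets in roles_by_pattern(web_xml).values() for rs in sets))
    return used - held

if __name__ == "__main__":
    print(overlapping_patterns(WEB_XML), unmapped_roles(WEB_XML, USERS_XML))
```

On the posted files it reports `/private/*` under both the `noone` and the `user` constraint, and `noone` as the only constrained role with no user, which matches that role's own description in the descriptor.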

