1

This is my first attempt at using j_security check form authentication in a java web app. I am using Eclipse 3.6 and Apache Tomcat 6.0.28.

Problem description: When I submit the login form with valid credentials, j_security check redirects me to the error page defined in error.html. When I submit with invalid credentials it also takes me to the error.html page. That is fine but for valid users, i expect to be taken to the protected resource after login.

login.html

    <!DOCTYPE html>
<html>
<head>
<meta charset="ISO-8859-1">
<title>Login</title>
</head>
<body>
<form method=post action="j_security_check">
 Username   <input type="text" name="j_username"><br />
 Password   <input type="password" name= "j_password"><br />
    <input type="submit" value="submit">
</form>
</body>
</html>

web.xml

    <?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
  xmlns="http://java.sun.com/xml/ns/javaee"
  xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
      http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
  version="2.5">

  <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.jsf</url-pattern>
  </servlet-mapping>
  <context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Development</param-value>
  </context-param>
  <welcome-file-list>
    <welcome-file>/ui/index.xhtml</welcome-file>
    <welcome-file>index.html</welcome-file>
  </welcome-file-list>

  <login-config>
    <auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/security/login.html</form-login-page>
<form-error-page>/security/error.html</form-error-page>
</form-login-config>
</login-config>

<security-constraint> 
    <display-name>URLsConstraintMechanism</display-name>
    <web-resource-collection>
        <web-resource-name>clientURL</web-resource-name>
        <url-pattern>/ui/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>PUT</http-method>
        <http-method>POST</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>tomcat</role-name>
    </auth-constraint>
</security-constraint>


<security-role>
  <description>The Only Secure Role</description>
  <role-name>tomcat</role-name>
</security-role>

</web-app>

tomcat-users.xml

     <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>

I also do not see any errors in my IDE's console or in $CATALINA_HOME/logs folder

Please pardon any omissions as I am a newbie to this forum. I have searched through existing threads but none of suggestions has worked for me so far.

Ade
  • 11
  • 1
  • 3

2 Answers2

0

One thing to check is the tomcat-users.xml file, If you are running tomcat from eclipse, eclipse create a separate pair of server.xml and tomcat-users.xml, that differs from the default one in the tomcat installation directory. Try to find the right configuration parameters by checking the Server configuration path double-clicking on your tomcat server under the Servers Tab.

Also check the Realm in the server.xml, if you are using the tomcat-users.xml file for store users and passwords use the Memory Realm

<Realm className="org.apache.catalina.realm.MemoryRealm" />
markov00
  • 3,682
  • 2
  • 24
  • 25
0

I know this question is over a year old but have you tried restarting Tomcat after altering the tomcat-users.xml file? I ran into a similar issue and after I restarted Tomcat, it worked fine.

The file tomcat-users.xml is not automatically re-read by Tomcat and requires a Tomcat restart to re-read it.

Johan G
  • 407
  • 5
  • 12