Gentoo Forums
[KIND OF SOLVED] Tomcat servlet doesn't ask password
candamil
Tux's lil' helper
Joined: 19 Mar 2012
Posts: 84

Posted: Mon May 07, 2012 4:14 pm    Post subject: [KIND OF SOLVED] Tomcat servlet doesn't ask password

Hi, guys, I hope you can help me.
I am implementing a servlet application in Tomcat, which should ask for a password when connecting. I think it's properly configured, but it doesn't ask for the damn password. This is what I have:

Tomcat users:
Code:

<tomcat-users>
 <role rolename="user"/>
  <role rolename="admin"/>
  <role rolename="manager"/>
  <user username="admin" password="********" roles="admin/>
  <user username="manager" password="*********" roles="manager/>                                     
  <user username="user" password="********" roles="user"/>                                         
</tomcat-users>


Server.xml (just the end, the rest is default)
Code:

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />


        <Context path="/"
        docBase="/var/lib/tomcat7/webapps/smartgrid"
        crossContext="true"
        debug="0"
        reloadable="true" >
        </Context>

      </Host>
    </Engine>
  </Service>
</Server>


web.xml in my servlet:
Code:

<?xml version="1.0" encoding="utf-8"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app version="2.4">

 <display-name>Smartgrid Webserver</display-name>
 <description>Web frontend for smartgrid system</description>

<servlet>
   <servlet-name>Main</servlet-name>
   <description>Main page</description>
   <servlet-class>Main</servlet-class>
</servlet>

<servlet-mapping>
   <servlet-name>Main</servlet-name>
   <url-pattern> /</url-pattern>   
</servlet-mapping>

<!-- Define a security constraint on this application -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- This role is not in the default user directory -->
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>


  <!-- Define the Login Configuration for this Application -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Tomcat Manager Application</realm-name>
  </login-config>

  <!-- Security roles referenced by this web application -->
  <security-role>
    <description>
      The role that is required to log in to the Manager Application
    </description>
    <role-name>user</role-name>
  </security-role>


</web-app>


I have seen a couple of HOW-TOs, but I have already done what each of them says, so I don't know what the problem can be. Any ideas?

Thanks.


Last edited by candamil on Thu May 17, 2012 6:25 am; edited 1 time in total
ShadowCat8
Tux's lil' helper
Joined: 07 Oct 2008
Posts: 118
Location: Arcadia, CA, USA

Posted: Mon May 07, 2012 8:25 pm

Greetings,

The one thing I see missing from what I know of Tomcat and how it works (that being versions 4.x.x through 6.x.x) is Realm.

Where are you defining the Security Realm parameters in server.xml?

HTH. Let us know.
_________________
"Intelligence is the ability to avoid doing work, yet getting the work done"

-- Linus Torvalds
candamil
Tux's lil' helper
Joined: 19 Mar 2012
Posts: 84

Posted: Tue May 08, 2012 8:21 am

Hi, thanks for your answer. These are the Realm parameters in my server.xml file:

Code:

      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

It's the default. I tried changing the path of the applet from / to /dir and now it asks for a password, but I would like it to ask for it at /. Not only that, but it also doesn't recognize any user. It doesn't work for the manager application either. It asks for a password, but it doesn't recognize any of my users.
candamil
Tux's lil' helper
Joined: 19 Mar 2012
Posts: 84

Posted: Tue May 08, 2012 9:58 am

Finally I was able to get it working by rewriting the files from scratch (maybe some problems with charset or something like that, I don't know).
Anyway, it asks for a password and identifies correctly when the path for the servlet is /anything:

Code:


        <Context path="/anything"
        privileged="true"
        docBase="/var/lib/tomcat7/webapps/myservlet"
        crossContext="true"
        debug="0"
        reloadable="true" >
        </Context>



but it doesn't work if I change that /anything and use "/". This is the web.xml file at this moment:

Code:

<?xml version="1.0" encoding="utf-8"?>

<!DOCTYPE web-app
        PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
        "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app version="2.4">

        <display-name>Smartgrid Webserver</display-name>
        <description>Web frontend for smartgrid system</description>

        <servlet>
                <servlet-name>Main</servlet-name>
                <description>Main page</description>
                <servlet-class>Main</servlet-class>
        </servlet>

        <servlet-mapping>
                <servlet-name>Main</servlet-name>
                <url-pattern>/</url-pattern>
        </servlet-mapping>


        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>Entire Application</web-resource-name>
                        <url-pattern>/*</url-pattern>
                </web-resource-collection>

                <auth-constraint>
                        <role-name>user</role-name>
                </auth-constraint>
        </security-constraint>

        <login-config>
                <auth-method>BASIC</auth-method>
                <realm-name>Tomcat Host Manager Application</realm-name>
        </login-config>

        <security-role>
                <description>
                        The role that is required to log in to the Application
                </description>
                <role-name>user</role-name>
        </security-role>

</web-app>


Any ideas about the reason for that problem?

Thank you.
ShadowCat8
Tux's lil' helper
Joined: 07 Oct 2008
Posts: 118
Location: Arcadia, CA, USA

Posted: Wed May 09, 2012 6:05 pm

Well,

As I understand it, the "/" of the Context paths basically points at ${CATALINA_HOME}/webapps/ROOT, which is the base that *all* of the configured web applications are supposed to sit over (and/or under) in the presentation of the server to the network. So, to visualize this a bit better, say you have the following directories under ${CATALINA_HOME}/webapps/:
Code:
 ~ # ls -l /opt/tomcat-6/webapps/
total 32
drwxr-xr-x  4 tomcat tomcat 4096 Jul 24  2009 ROOT
drwxr-xr-x  5 tomcat tomcat 4096 Jul 24  2009 balancer
drwxrwxr-x 11 tomcat tomcat 4096 May  8 17:41 main
drwxr-xr-x 21 tomcat tomcat 4096 Jul 24  2009 jsp-examples
drwxr-xr-x  4 tomcat tomcat 4096 Jul 24  2009 servlets-examples
drwxr-xr-x 12 tomcat tomcat 4096 Jul 24  2009 tomcat-docs
drwxr-xr-x  3 tomcat tomcat 4096 Jul 24  2009 webdav


And, as I said above, the "ROOT" directory above is what is shown/displayed/done when someone connects with "http://<host>:<port>/", but all the others there are connected to by using "http://<host>:<port>/<app>". So, if you were to use the one security constraint to authorize every connect from "/*", then anyone connecting should have access to *all* webapps, to include the manager app.

Now, I am pretty sure that I understand what you are aiming at: You want your users to be able to just use "http://<host>:<port>/" to connect with your Main webapp. There are tricks that you can do in the ROOT webapp to redirect the connect to your Main app, such as creating a landing page under ROOT or configuring a redirect of the docPath. (NOTE: I'm not sure if the latter is still available in Tomcat 7, but you used to be able to redirect a connect to "/" to a specific webapp. Haven't had to use that in quite a while.)

HTH. Let us know.
_________________
"Intelligence is the ability to avoid doing work, yet getting the work done"

-- Linus Torvalds
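
A configuration check for the setup discussed in this thread, as an added example that is not part of any post and is not Tomcat tooling: it reports input that is not well-formed XML, a Context path of "/" (the Tomcat Context documentation defines a Host's default web application with an empty path, ""), and roles that web.xml requires but no user holds. The function name and the sample inputs are constructed, modelled on the files posted above.

```python
import xml.etree.ElementTree as ET
# Constructed samples shaped like the files in this thread (placeholder passwords).
USERS_BROKEN = '''<tomcat-users>
  <role rolename="user"/>
  <user username="admin" password="placeholder" roles="admin/>
  <user username="user" password="placeholder" roles="user"/>
</tomcat-users>'''
USERS_FIXED = USERS_BROKEN.replace('roles="admin/>', 'roles="admin"/>')
WEB_XML = '''<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>'''
CONTEXT_SLASH = '<Context path="/" docBase="/var/lib/tomcat7/webapps/smartgrid"/>'
CONTEXT_ROOT = CONTEXT_SLASH.replace('path="/"', 'path=""')

def lint_basic_auth(users_xml, web_xml, context_xml):
    """Findings for one tomcat-users.xml / web.xml / <Context> set (non-namespaced web.xml)."""
    findings, docs = [], {}
    for name, text in (("tomcat-users.xml", users_xml), ("web.xml", web_xml),
                       ("Context", context_xml)):
        try:
            docs[name] = ET.fromstring(text)
        except ET.ParseError as exc:  # e.g. an unterminated attribute value
            findings.append(f"{name}: not well-formed ({exc})")
    ctx = docs.get("Context")
    if ctx is not None and ctx.get("path") == "/":
        findings.append('Context: path="/" given; Tomcat documents path="" for '
                        "the default web application of a Host")
    web, required = docs.get("web.xml"), set()
    if web is not None:
        roles = web.findall("./security-constraint/auth-constraint/role-name")
        required = {r.text.strip() for r in roles if r.text}
        if not required:
            findings.append("web.xml: no role in any auth-constraint")
        elif web.find("./login-config/auth-method") is None:
            findings.append("web.xml: auth-constraint without login-config")
    users = docs.get("tomcat-users.xml")
    if users is not None:
        granted = {role.strip() for user in users.findall("user")
                   for role in user.get("roles", "").split(",")}
        for role in sorted(required - granted):
            findings.append(f"role '{role}' required by web.xml but held by no user")
    return findings

if __name__ == "__main__":
    print(lint_basic_auth(USERS_BROKEN, WEB_XML, CONTEXT_SLASH))
    print(lint_basic_auth(USERS_FIXED, WEB_XML, CONTEXT_ROOT))
```
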
candamil
Tux's lil' helper
Joined: 19 Mar 2012
Posts: 84

Posted: Thu May 10, 2012 7:38 pm

Yes, that's exactly what I am trying to do, just keeping it easy for users, and as there will only be one webapp, it's not a problem if the users log in to /. Anyway, if I am not able to get the authentication in / (at this moment, if I change / to any other url, it works, but when I change it again to /, it doesn't ask for the password) I will try to do a redirect. I'll post whatever I get.
ShadowCat8
Tux's lil' helper
Joined: 07 Oct 2008
Posts: 118
Location: Arcadia, CA, USA

Posted: Wed May 16, 2012 11:33 pm

Yeah,

Keep in mind that while *you* have only one webapp running on the Tomcat server, it is not the only webapp running on it. The "manager" webapp is a default that comes with a Tomcat installation. And, depending on what type of Tomcat installation, you may have a couple other webapps running on the server. That is why they are always making sure that you have your webapp wrapped up correctly.

And, consider that you may want to deploy a more restricted webapp on the same server in the future like, perhaps, a Control Panel for a Home Media Distribution system? (That comes to mind as a friend of mine did exactly that...) Just like you don't want certain guests to touch the remote, you certainly don't want them changing something being streamed into your living room while you are watching it. ;) hehe

HTH... Or at least was somewhat entertaining. :) Let us know.
_________________
"Intelligence is the ability to avoid doing work, yet getting the work done"

-- Linus Torvalds
candamil
Tux's lil' helper
Joined: 19 Mar 2012
Posts: 84

Posted: Thu May 17, 2012 6:24 am

As there will also be an Apache server running on the server, and at this moment it won't be used, I think I will set up a redirect page, so that when a user comes to the domain on port 80, it redirects them to the Tomcat servlet address. It's the easiest way.