Form Based Authentication in Tomcat, getting login and password

Similar Messages

• Form Based Authentication on Tomcat with custom index.jsp page...

  Hi there ppl,
  I've got Form Based Authentication working correctly on my Tomcat server but I want to override the default generated index.jsp after successfully logging on. I've tried placing my own index.jsp in the directory that's restricted, but its only overridden by the default one when successfully logged on which displays:
  "Authentication Mechanism FORM"
  This means having to navigate by typing the url in the address bar to another page which is gets really annoying afterawhile.
  Any help on this would be much appreciated,
  thanks already

  Yes there's a default generated index.jsp page that I'm having trouble overriding with one of my own. Have you used Form Based Authentication before? To do so you have edit the WEB-INF/web.xml file by adding:
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Secure Area</web-resource-name>
  <url-pattern>/test/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>admin</role-name>
  </auth-constraint>      
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/test/secure/loginpage.jsp</form-login-page>
  <form-error-page>/test/secure/errorpage.jsp</form-error-page>
  </form-login-config>
  </login-config>
  When you attempt to first go to any page in my /test/secure/ directory you get redirected to the /test/secure/loginpage.jsp where you have to login as a tomcat user, when succesfully logged on you get redirected to an index.jsp page which is NOT the one I created in test/secure/index.jsp. Even when I type in the url to go to my own test/secure/index.jsp I still don't get my own one that exists there, but instead get the default one that's generated that displays:
  "Authentication Mechanism FORM".
  Hope that makes more sense.
  I've tried restarting tomcat but it makes no difference.

• Form Based Authentication without login page

  Hi,
  i need to use form based authentication in a web page, but without a dedicated login page. So basicly every page will contain a login form in the upper right corner, so the user can login anytime in his browsing session directly from the page he's reading.
  I am aware of that the form based authentication config needs a login and a error page.
  I need some hints on how this could be implemented so that i dont need them directly. Im quite sure this is possible, if any of you has ideas please share them with me.
  dukes are waiting ...

  sorry - double posted : http://forum.java.sun.com/thread.jspa?threadID=584579&tstart=0

• Form-based authentication and JSF

  I am trying to use a form-based authentication in Tomcat 6, and from what I understand the page that contains the login form can not be a JSF page.
  The problem I'm having with this is that I need the client's username and password accessible from my backing bean, but I don't know how to put them there from a standard JSP.
  Before all this, I had a simple login form with username/password fields that were bound to a bean, and a button that executed a bean method that would perform the login procedure, retrieve the client's data from the DB and create a Client object in the session to be accessible throughout the application. Now, I need to use container managed access control with form-based authentication, and I know how to set it up but don't know how to create the Client object if the container does all the authentication and I never even get a hold of a username/password combination let alone the rest of the client's data.
  Any advice on this would be greatly appreciated.

  alf.redo wrote:
  ...following article: [j2ee_security_a_jsf_based_login_form|http://groundside.com/blog/DuncanMills.php?title=j2ee_security_a_jsf_based_login_form]
  This is exactly the solution I am planning to use. It is good to know there are others who have decided to go that way.
  Thanks

• FORM Based Authentication and Browser Refreshing

  We are using FORM Based Authentication in our web application and it works rather well. I have noticed an interesting bit of behavior that I am unable to explain. After an attempt is made to access the first protected resource the container will display the login page specified in the web.xml file. After successful authentication the original protected resource is displayed as expected. In the Address line of the browser however the original URI requested is now replaced with the following:
  http://<domain>:<port>/<root>/j_security_check
  Now, when we hit the refresh button on the browser we get the following error:
  404 Not Found
  Resource /<domain>/j_security_check not found on this server
  Two questions. 1. why does it do this? and/or (more importantly) 2. How do I prevent this behavior or work around it?

  I�m trying to figure out how to pass the user�s ID
  and password, using form-based authentication and
  file realm, to our JDBC connection. Two separate issues.
  I've usually seen it done where there are three tiers, of course. The user provides login credentials from the view tier, which are passed to the controller tier. The controller will validate the user against a database or LDAP. Once they're validated, the credentials are put into session and provided for all apps that need them, including the persistence tier.
  The connection pool requires that you create connections using an application ID, not the user ID. You have to move the security out of the database and into the application.
  %

• Issues with OSSO ,custom login module and form based authentication

  Hi:
  We are facing issues with OSSO (Oracle Single Sign on ),Our application use the form based
  authentication and Custom login module.
  Application is going in infinite loop when we we try to login using osso ,from the logs
  what I got is looks like tha when we we try to login from OSSO application goes to the login
  page and it gets the remote user from request so it forwards it to the home page till now
  it is correct behaviour ,but after that It looks like home page find that authentication is
  not done and sends it back to the login page and login page again sends it to the home as it
  finds that remote user is not null.
  Our web.xml form authentication entry looks like this :
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/jsp/login.jsp</form-login-page>
  <form-error-page>/jsp/couldnotlogin.jsp</form-error-page>
  </form-login-config>
  </login-config>
  While entry in orion-application.xml has the following entry for custom login :
  <jazn provider="XML">
       <property name="custom.loginmodule.provider" value="true" />
  <property name="role.mapping.dynamic" value="true" />
  </jazn>
  Whether If I change the authentication type to BASIC and add the following line
  in orion-application.xml will solve the issue :
  <jazn provider="XML">
       <property name="custom.loginmodule.provider" value="true" />
  <property name="role.mapping.dynamic" value="true" />
  <jazn-web-app auth-method="SSO" >
  </jazn>
  Any help regarding it will be appreciated .
  Thanks
  Anil

  Hi:
  We are facing issues with OSSO (Oracle Single Sign on ),Our application use the form based
  authentication and Custom login module.
  Application is going in infinite loop when we we try to login using osso ,from the logs
  what I got is looks like tha when we we try to login from OSSO application goes to the login
  page and it gets the remote user from request so it forwards it to the home page till now
  it is correct behaviour ,but after that It looks like home page find that authentication is
  not done and sends it back to the login page and login page again sends it to the home as it
  finds that remote user is not null.
  Our web.xml form authentication entry looks like this :
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/jsp/login.jsp</form-login-page>
  <form-error-page>/jsp/couldnotlogin.jsp</form-error-page>
  </form-login-config>
  </login-config>
  While entry in orion-application.xml has the following entry for custom login :
  <jazn provider="XML">
       <property name="custom.loginmodule.provider" value="true" />
  <property name="role.mapping.dynamic" value="true" />
  </jazn>
  Whether If I change the authentication type to BASIC and add the following line
  in orion-application.xml will solve the issue :
  <jazn provider="XML">
       <property name="custom.loginmodule.provider" value="true" />
  <property name="role.mapping.dynamic" value="true" />
  <jazn-web-app auth-method="SSO" >
  </jazn>
  Any help regarding it will be appreciated .
  Thanks
  Anil

• Form based authentication getting logged in username and role

  Hi
  I have implemented a simple Form based authentication in my web site.
  I have maintained tomcat-users.xml file for user names, passwords and roles.
  Once my user is authenticated, I need to access his name and role in website.
  How can this be done.
  Please guide.
  Thanks

  The request object should contain the information, e.g. use request.getRemoteUser().

• Get user and user-roles in form based authentication

  How do I get user and roles associated with the user in my bean for "form based authentication".
  regards,
  nirvan.

  HttpServletRequest#getUserPrincipal().
  This has nothing to do with JSF. Form based authentication is part of Servlet spec.
  In JSF you can get the HttpServletRequest by ExternalContext#getRequest().

• Manager password in tomcat for form based authentication

  Hi all,
  I have a jsp using form based authentication.I have set up the web.xml,server.xml and created my database with the various users and roles but when i try to deploy the application,it as for the manger username/password and when i enter what i have in the database it refuses to connect.
  Anyone has any idea what i might be doiing wrong?
  Thans in advance

  Hi,
  I'm a little confused. You wanted to know how to configure Tomcat for form based authentication, and I sent you an article on how to do that. Is there something more you need from me? You had offered 10 duke dollars for this post, and if there is more I can do I will help for the remaining amount, but I can't help you getting access to the Tomcat *.xml file.

• Configuring tomcat for form based authentication-help badly needed

  hi , i want to have form based or some other way of authentication for the users comming to my site , i have access only to web.xml , but in tomcat documentations its giveni need to change server.xml and tomcat-user.xml , can i make these changes on web.xml to implement it or please tell me way out of this please , i tried even jguard but it needs changes in jvm which also not into my access

  Hi,
  I'm a little confused. You wanted to know how to configure Tomcat for form based authentication, and I sent you an article on how to do that. Is there something more you need from me? You had offered 10 duke dollars for this post, and if there is more I can do I will help for the remaining amount, but I can't help you getting access to the Tomcat *.xml file.

• Get j_username in form based authentication

  I would like to get access to j_username when form-based authentication fails, i.e. if the user does not enter a valid username/password combination. What is best way to do this. I have looked in this forum and have seen mention of using servlets, filters, SAAJ, etc. Example code would be much appreciated.
  Martin

  hello all,
  I am using WebSphere and some how my filter is not being invoked, although my form based authentication works fine !!
  I am trying to do some post login in the filter but my filter isnt called....
  My filter is defined as follows
       <filter>
            <filter-name>LoginFilter</filter-name>
            <display-name>LoginFilter</display-name>
            <filter-class>pkg.LoginFilter</filter-class>
       </filter>
       <filter-mapping>
            <filter-name>LoginFilter</filter-name>
            <url-pattern>/j_security_check</url-pattern>
       </filter-mapping>What am I doing wrong??
  Also is there a possibiity that i can call my action class from the filter by mapping my action class as a servlet mapping to the filter?
  if so, how can i do it ?

• Get authenticated programmtically in FORM-based authentication

  Hi, friends,
  Does anybody know how to get authenticated programmtically when access some servlet
  in FORM-based authentication ?
  I have some Java programs running on a server other than weblogic application
  server. And I want to use HTTP request programmtically to talk to a servlet on
  WebLogic 6.0. For basic authentication, i can add authorization info into the
  request, how can I do that for form-based authentication ?
  Thanks
  John

  Hi John,
  Yep, it's WebLogic-specific.
  Check out
  http://e-docs.bea.com/wls/docs61///javadocs/weblogic/servlet/security/ServletAuthentication.html
  for more information
  Cheers,
  Joe Jerry
  John Chen wrote:
  Hi, Joe,
  Is that weblogic specific API ? Could you tell a bit more detail on how to use
  that ?
  Thanks
  John
  Jerry <[email protected]> wrote:
  ServletAuthentication.weak() should do what you want
  Cheers,
  Joe Jerry
  John Chen wrote:
  Hi, friends,
  Does anybody know how to get authenticated programmtically when accesssome servlet
  in FORM-based authentication ?
  I have some Java programs running on a server other than weblogic application
  server. And I want to use HTTP request programmtically to talk to aservlet on
  WebLogic 6.0. For basic authentication, i can add authorization infointo the
  request, how can I do that for form-based authentication ?
  Thanks
  John

• SP4 and Form Based Authentication

  Hi,
  I had just advised a customer to apply SP4 to WLS and
  then plug in the 'source code' patch, he replied that he had
  been informed that SP4 breaks Form Based Authentication for
  war web apps?
  Can anyone confirm/deny this for me please ?
  regards,
       Patrick.

  Hehe Hiya Patrick!, that was Me! seems we use the same hot source of info :)
  Cheers
  Rob :)
  "Patrick Byrne" <[email protected]> wrote in message
  news:[email protected]..
  Hi,
  I had just advised a customer to apply SP4 to WLS and
  then plug in the 'source code' patch, he replied that he had
  been informed that SP4 breaks Form Based Authentication for
  war web apps?
  Can anyone confirm/deny this for me please ?
  regards,
  Patrick.

• MOBI SSO with trusted authentication and form based authentication

  Dear All,
  I am trying to configure Trusted authentication based SSO FOR MOBI, here are the details:
  - SAP BI 4.1 SP04
  - Trusted authentication with HTTP header configurred for BI Launchpad and working fine.
  Now to have SSO from Mobile, I plan to leverage the existing configuration of BI Launchpad and at Mobile level, I want to use authentication type as TRUSTED_AUTH_FORM, instead of TRUSTED_AUTH_BASIC, with the approach: Trusted authentication with HTTP header.
  And
  Provide our app users their X502 certs.
  1. Will the above approach work ??
  2. As per SAP NOTE: 2038165 - SSO using form based trusted auth gives with the SAP BI app for iOS gives error MOB00920 this does not work and is still under investigation from July last year ? So for any community member, has this been found working ??
  I would appreciate your valuable inputs.
  Regards,
  Sarvjot Singh

  Hi,
  According to your post, my understanding is that you want to know the difference of the SharePoint three type user authentications.
  Windows claims-based authentication uses your existing Windows authentication provider (Active Directory Domain Services [AD DS]) to validate the credentials of connecting clients. Use this authentication to allow AD DS-based accounts access to SharePoint
  resources. Authentication methods include NTLM, Kerberos, and Basic.
  Forms-based authentication can be used against credentials that are stored in an authentication provider that is available through the ASP.NET interface
  SAML token-based authentication in SharePoint 2013 requires coordination with administrators of a claims-based environment, whether it is your own internal environment or a partner environment.
  There is a good article contains all the SharePoint Authentications, including how they work and how to configure.
  http://sp77.blogspot.com/2014/02/authentication-in-sharepoint-2013_5.html#.VFcyQ_mUfkJ
  Thanks & Regards,
  Jason
  Jason Guo
  TechNet Community Support

• Form Based Authentication in SharePoint 2013: Getting The remote server returned an error: (500) Internal Server Error

  Hi
   I configured forms based authentication mode in Sharepoint 2013 site. When i tried to log in with windows authentication prompt it throws the following error
  The remote server returned an error: (500) Internal Server Error
  [WebException: The remote server returned an error: (500) Internal Server Error.] System.Net.HttpWebRequest.GetResponse() +8548300 System.ServiceModel.Channels.HttpChannelRequest.WaitForReply(TimeSpan timeout) +111 [ProtocolException:
  The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (application/soap+msbin1). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first
  1024 bytes of the response were: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  How to fix this issue?
  Regards,
  Siva

  Did you create a new web application or modify an existing web application?
  I would start by checking the ULS logs, maybe there is an incorrect setting within one of the web.config files, or SQL permissions.
  Also, as suggested above, check application pools are running.
  This blog post is a great guide for setting up FBA, check it through to make sure you haven't missed any steps:
  http://blogs.technet.com/b/ptsblog/archive/2013/09/20/configuring-sharepoint-2013-forms-based-authentication-with-sqlmembershipprovider.aspx