Skip to main content

Deploying WAR with web.xml and sun-web.xml security

1 reply [Last post]
eenogoodatcs
Offline
Joined: 2009-10-18
Points: 0

No one on the netbeans forum can help me. This is really important. Please help if you can:

Hi all,

I have spent too much time trying to find the answer to this so i'm just going to ask.

I have followed several netbeans tutorials (which are great!) and now have a little web app I want to deploy on another system. It's basically:
http://www.netbeans.org/kb/docs/web/security-webapps.html
with some other text.

On tomcat I change the "tomcat-users" to the same as I did for netbeans' tomcat. I go the the manager/html tool and upload the war for deployment.
PROBLEM: i can visit pages that should require a password without being asked for a password.
(i tried clearing cookies and stuff, tried from other computers, still no pass required)

On glassfish, I add the users I need and upload the war with the same results.
PROBLEM: I can visit the pages that should be secure without being asked for a password.

Thanks for the guidance!

Thanks for the reply Rick!

I tried the clean and build and again, it works find when netbeans deploys the app. But when I upload the war to my glassfish or tomcat server it skips right past the security check. I changed some text in my page and it definitely is updating the war.

Some background: My server is Ubuntu 9.04. I tried installing tomcat 6 from both the repositories and manually. I installed glassfish from a sun download.

I have also tried changing the init startup script from tomcat6_security=YES and NO. Both don't require the security check like when I deploy from netbeans.

Again, I am trying to access the page from multiple firefox profiles so cookies shouldn't be a problem but just to make sure I go to my laptop and still, no password required?? Very perplexing...

I mean, it has to have something to do with the way that netbeans deploys because it works when netbeans deploys. How does deploying a WAR differ from having netbeans deploy? This has to be the key to my problem.

Sounds like maybe there is something in my web.xml that netbeans recognises but not tomcat or glassfish. So please see below.

I really appreciate any help from anyone. This is starting to become a serious setback for me. Thanks Rick and everyone else!

<?xml version="1.0" encoding="UTF-8"?>

insServlet
com.ajax.insServlet.insServlet

AutoCompleteServlet
com.ajax.AutoCompleteServlet

insServlet
/ins

AutoCompleteServlet
/autocomplete

30

index.jsp

all

all

/SecureArea/*
GET
POST
HEAD
PUT
OPTIONS
TRACE
DELETE

nate
public

BASIC
file

nate

public

Message was edited by: eenogoodatcs

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
lfugaro
Offline
Joined: 2008-04-10
Points: 0

Hi,
I'll try to help you in this issue. First of all I'm not an expert on this. :D
Few years ago I had to do something like this but FORM, instead of a BASIC.
In your configuration I think you are missing to specify the realm in your tomcat servel.xml file.

First try using FORM authentication method:
----------------------------web.xml---------------------------------

FORM

/login.jsp /loginerror.jsp



AdminPages
/admin/*


administrator



system administrators
administrator

----------------------------web.xml---------------------------------
I showed only the necessary web.xml portion of code to do the form authentication.

Now, if you choose a resource which is under the path /admin/ you should be asked for username and password.

Anyway if you want to choose your way, remember I think you should configure a in your tomcat/conf/server.xml

If you have a table in your db that manages users and roles you should do something like this:
dataSourceName="jdbc/YouDS"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name"/>

I hope I gave you something to think of or at least something to work with.

Regards,
Luigi.