I'd like to setup Tomcat on Windows and have authentication in my web application be done against the Windows users (or a subset of those users). I read that if you have users setup on Active Directory, you can use the JNDI realm. What if you don't have Active Directory, but just have "simple Windows users" setup on the server? Is it po...
Hello, I'm writing a java web application which need to perform login through a webservice. Of course, none of the realms supplied with the application server I'm using (glassfish v2) can do the trick. I therefore had to write my own. It seems however, that the realm implementation that I wrote is completely tied to glassfish and cannot...
I am trying to create a custom realm in Tomcat. My problem is that there is a SessionAttributeListener as part of the framework which checks to see if any object added to the session is serializable, and if it isn't it causes problems... like invalidating the session. Because org.apache.catalina.realm.GenericPrincipal is not serializab...
Here's my situation: I want stuff under mysite/customer/* to require form-based authentication before access (login via mysite/customer/login.jsp, with its own user_password table and role. ) BUT I want stuff under mysite/admin/* to require another form-based authentication before access (login via mysite/admin/login.jsp, with ano...
I am using FORM authentication, together with Realm. I would like to know how can I log out. The only solution so far is to close browser, but that's not acceptable from the usability standpoint. SOLUTION As pointed by the accepted answer ((HttpServletRequest) request).getSession().invalidate(); ...
I use FORM Authentication. <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/loginPage.jsp</form-login-page> <form-error-page>/loginPage.jsp</form-error-page> </form-login-config> </login-config> I would like to use the same JSP for my form-login-page and form-error...
I'm working in a legacy environment where an LDAP server is used only for authentication and contains no roles, and authorization is done against a database which contains the user-role mapping, but no passwords. My plan is to implement a new Tomcat Realm by extending JNDIRealm, and overriding the role methods to call an encapsulated JD...
I wanted to configure Tomcat6.0 authentication via JDBC realm Configuration.** I checked following: -All my "users" and "roles" are stored in MySQL database. -MySQL JDBC drives are in tomcat\lib directory -Tomcat-user-xml is modified for such realm as below <-Realm className="org.apache.catalina.realm.JDBCRealm" driverName...
Hello All, My application currently relies on JDBC realm authentication. Recent needs have forced us to think about having LDAP authentication as well. We are thinking about using Active Directory for both authentication as well as authorization (roles). As a standalone test, I was able to authenticate my application with AD. But here i...
Hello I am completely new to login and authentication concepts. I am working on a Glassfish web application that should present general content to any visitor, and some extra content for registered users logged in with username and password. I have been reading the Java EE tutorial about security, and I thought that the Form-based or H...
Hi, I want to configure tomcat / my web application to use a JDBC realm for container managed security. I specified the realm inside tomcat's server.xml file like this: <Realm className="org.apache.catalina.realm.JDBCRealm" driverName="net.sourceforge.jtds.jdbc.Driver" connectionURL="jdbc:jtds:sqlserver://hostname:1433/intranet;user=sa...
Hi I have a form realm authentication with which i am securing a directory "secureUser" well my question is: - How i can redirect the user once logged in to the requested page the details: - now i can log on a user using this (login.jsp) <form action="j_security_check" method="POST" id="login_from"> <p> <input ty...
Hi, I'm trying to write my own Realm to authenticate my users. I have written a class extending org.apache.catalina.realm.RealmBase, compiled to a .jar file and put it in the /lib library. Then I added this to server.xml: <Realm className="wstest.tomcat.security.MyRealm" resourceName="myrealm"/> Tomcat doesn't seem to "se...
Hi, I'm trying to change the authentication mode of my application from JDBC-REALM to JNDI-REALM. I configured the following section inside the Server.xml <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" connectionURL="ldap://****:389/DC=onsetinc,DC=com??sAMccountName?sub?(objectClass=*)" connectionName="user...
We have Tomcat 6 connecting to a Win2k3 Server running AD. The realm is configured as such <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" referrals="follow" connectionURL="<url>" connectionName="CN=Query Account,OU=Service Accounts,DC=company,DC=com" connectionPassword="<pwd>" userBase="OU=Users,DC=com...
I'm using NetBeans 6.8 and Tomcat 6.0.xx. I've created a custom realm and updated the NetBeans project build.xml to deploy the realm to Tomcat. When I debug the project, NetBeans starts the Tomcat server and makes an initial HTTP GET request for 'manager/list'. Tomcat graciously hands this request off to my custom realm for authentica...
I have created web services based on Jersey (auto generated via Netbeans). I have also created a user names “testClient” with password “secret” and created User group “Users” and used file Realm using glassfish 3.0.1 admin console. I have also mapped web.xml and sun-web.xml accordingly. My web services are secured successfully; as I a...
I'm getting this exception when trying to access a JAX-WS webservice running on the same WAS 7.0 server as the client. Caused by: javax.xml.ws.WebServiceException: java.io.IOException: Unable to deserialize the Subjects in this Context, cause: the realms do not match I have a realm set up for user authentication and this call works fi...
Hi, I was wondering if it was possible to have a Java EE application with multiple JAAS security realms. I'm currently developing an application in which some users need to be authenticated with data stored in a database, while other users need to be authenticated through an LDAP bind. So I created 2 security realms in glassfish 3.1...
We're building a web application that is available to both authenticated and anonymous users. If you decide not to register/login you only have a limited set of features. User authentication is done over OpenID with Spring Security. That works fine. However, the application also comes with an admin UI that is deployed at <host>/<context...