https://bz.apache.org/bugzilla/show_bug.cgi?id=69657

Isaac Khalil <zackha...@yahoo.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #3 from Isaac Khalil <zackha...@yahoo.com.au> ---
Attached is a zip file to unzip under webapps.

NOTE: This works fine under Windows but fails on my production server using
Linux.

My Linux server is Red Hat Enterprise Linux Server 7.9.

$ uname -a
Linux host 3.10.0-1160.53.1.el7.x86_64 #1 SMP Thu Dec 16 10:19:28 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

The issue seems to be specifically when using a custom login servlet and form
authentication

   <servlet>
      <servlet-name>Login</servlet-name>
      <servlet-class>Login</servlet-class>
      <load-on-startup>1</load-on-startup>
   </servlet>

   <servlet-mapping>
      <servlet-name>Login</servlet-name>
      <url-pattern>/login</url-pattern>
   </servlet-mapping>

   <security-constraint>
      <display-name>Login Security Constraint</display-name>
      <web-resource-collection>
         <web-resource-name>Login Protection</web-resource-name>
         <url-pattern>/servlet/*</url-pattern>
         <url-pattern>/jsp/*</url-pattern>
         <url-pattern>/index.jsp</url-pattern>
         <http-method>DELETE</http-method>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
         <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
         <role-name>OSS</role-name>
      </auth-constraint>
   </security-constraint>

   <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
         <form-login-page>/jsp/login.jsp</form-login-page>
         <form-error-page>/jsp/error.jsp</form-error-page>
      </form-login-config>
   </login-config>

   <security-role>
      <role-name>OSS</role-name>
   </security-role>

and under WEB-INF/classes/Login.java

import java.io.*;
import jakarta.servlet.*;
import jakarta.servlet.http.*;

// Custom login servlet mapped to /login; the form in /jsp/login.jsp posts to it.
public class Login extends HttpServlet {
   public void init() throws ServletException {
   }

   public void doPost(HttpServletRequest request, HttpServletResponse response)
         throws IOException, ServletException {
      String username = request.getParameter("j_username");
      String password = request.getParameter("j_password");

      // Log the session timeout before authenticating.
      System.out.println(request.getSession().getId() + ": getMaxInactiveInterval="
            + request.getSession().getMaxInactiveInterval());
      // Programmatic login against the container's realm.
      request.login(username, password);
      System.out.println(request.getSession().getId() + ": getUserPrincipal="
            + request.getUserPrincipal());

      String contextPath = request.getContextPath();
      System.out.println(request.getSession().getId() + ": contextPath="
            + contextPath);

      if (request.getUserPrincipal() != null) {
         System.out.println(request.getSession().getId() + ": login success");
         // Log the session timeout again after authenticating.
         System.out.println(request.getSession().getId() + ": getMaxInactiveInterval="
               + request.getSession().getMaxInactiveInterval());
         response.sendRedirect(contextPath + "/index.jsp");
         return;
      }

      System.out.println(request.getSession().getId() + ": login error");
      response.sendRedirect(contextPath + "/error.jsp");
   }
}

and /jsp/login.jsp

<form method="POST" action="login">
<table>
        <tr>
                <td colspan="2">Login to the Tomcat-Demo application:</td>
        </tr>
        <tr>
                <td>Name:</td>
                <td><input type="text" name="j_username" value="test" /></td>
        </tr>
        <tr>
                <td>Password:</td>
                <td><input type="password" name="j_password" value="test123" /></td>
        </tr>
        <tr>
                <td colspan="2"><input type="submit" value="Go" /></td>
        </tr>
</table>
</form>

add below to my conf/tomcat-users.xml

  <role rolename="OSS"/>
  <user username="test" password="test123" roles="OSS"/>
