Java Security

Hi,

I have configured my application for login authentication (FORM Based) using jakarta-tomcat-5.0.28 (Eclipse 3.1). With my configuration I don�t have any issue to get into the login page, but upon key-in the user-id and password, its not get authenticated and its going to AuthError.html page as defined as error page in the web.xml. I don�t see any error in the log files and it�s very clear that it�s an authentication issue.

Any help is very much appreciated!!!!

Web.xml: (from my application)
-----------------------------------

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
Other tags���������������.
<security-constraint>
<web-resource-collection>
<web-resource-name>Private</web-resource-name>
<description>Everything in the /private directory needs to be bound into this role.</description>
<url-pattern>/requestmappings.xml</url-pattern>
<url-pattern>/private/admin/*</url-pattern>
<url-pattern>/private/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>noone</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>MainServlet</web-resource-name>
<url-pattern>/MainServlet/*</url-pattern>
<url-pattern>/private/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/LoginMainServlet/Login</form-login-page>
<form-error-page>/AuthError.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>This role should not be mapped to any users or groups. It is used for web resources that shouldn't be accessed directly.</description>
<role-name>noone</role-name>
</security-role>
<security-role>
<description>Users of the CST application. This role should be mapped to all groups that are allowed to login.</description>
<role-name>user</role-name>
</security-role>
Other tags����������..
</web-app>


Server.xml : (tomcat /conf folder)
--------------------------------------
<Server port="8005" shutdown="SHUTDOWN" debug="0">

<GlobalNamingResources>
<!-- Used by Manager webapp -->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved">
</Resource>
<ResourceParams name="UserDatabase">
<parameter>
<name>factory</name>
<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
</parameter>
<parameter>
<name>pathname</name>
<value>conf/tomcat-users.xml</value>
</parameter>
</ResourceParams>
</GlobalNamingResources>

<!-- Define the Tomcat Stand-Alone Service -->
<Service name="Tomcat-Standalone">

<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
<Connector
port="8080" minProcessors="5" maxProcessors="75"
enableLookups="true" redirectPort="8443"
acceptCount="100" debug="0" connectionTimeout="20000"
useURIValidationHack="false" disableUploadTimeout="true" />

<!-- Define the top level container in our container hierarchy -->
<Engine name="Standalone" defaultHost="localhost" debug="0">

<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" />

<!-- Define the default virtual host -->
<Host name="localhost" debug="0" appBase="" unpackWARs="false" autoDeploy="false">

<Context path="/cst" docBase="D:/EPS/EB_CST_v3.7.2/dev/src/cst/web" debug="1" reloadable="true" crossContext="true"/>
<Context path="/cst-static" docBase="D:/EPS/EB_CST_v3.7.2/dev/src/cst/web-static" debug="1" reloadable="true" crossContext="true"/>

<Logger className="org.apache.catalina.logger.SystemOutLogger" />

</Host>

</Engine>

</Service>

</Server>

tomcat-users.xml: (tomcat /conf folder)
--------------------------------------------
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="user"/>
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="cst" password="cst" roles="user"/>
<user username="w951jq9" password="starter01" roles="user"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
</tomcat-users>

Note:
------
Initially (during installation) tomcat-users.xml format is different from what you are seeing above and I am not sure what setting I changed on the eclipse IDE its always falls back to above format when I restart the server.

Initital format of tomcat-users.xml:
---------------------------------------
<tomcat-users>
<user name="cst" password="cst" roles="user"/>
<user name ="w951jq9" password="starter01" roles="user"/>
<user name ="tomcat" password="tomcat" roles="tomcat"/>
<user name ="both" password="tomcat" roles="tomcat,role1"/>
<user name ="role1" password="tomcat" roles="role1"/>
</tomcat-users>