Search code examples
javasecuritytomcatform-authentication

JDBCRealm FORM based authentication not redirecting to login page

I am trying to apply authentication in index.jsp page but when I try to load thispage, instead of getting redirected to login2.xhtml page. I get this on chrome window.

this is realm tag from servlet.xml

This is realm tag added in server.xml

<Realm className="org.apache.catalina.realm.JDBCRealm"

       driverName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
   connectionURL="jdbc:sqlserver://DESKTOP-ND3EINK\SQLEXPRESS;databaseName=HRSystem;user=ram;password=ram"

       userTable="HR.users" userNameCol="user_name" userCredCol="user_pass"
   userRoleTable="HR.user_roles" roleNameCol="role_name"/>

I have added user in tomcat-users.xml

 <role rolename="tomcat"/> 
  <role rolename="HRPersonnel"/>

  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="[email protected]" password="111111" roles="HRPersonnel"/>

and web.xml is:

<security-constraint>

        <display-name>SecurityConstraint</display-name>

        <web-resource-collection>
            <web-resource-name>foo bar</web-resource-name>
            <url-pattern>/index.jsp</url-pattern>
<!--
            <http-method>GET</http-method>
            <http-method>PUT</http-method>
            <http-method>POST</http-method>
            <http-method>DELETE</http-method> -->

        </web-resource-collection>

        <auth-constraint>
            <role-name>HRPersonnel</role-name>
        </auth-constraint>

        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>

    </security-constraint>


    <login-config>
        <auth-method> FORM</auth-method>
        <realm-name>org.apache.catalina.realm.JDBCRealm</realm-name>
        <form-login-config>
            <form-login-page>/login2.xhtml</form-login-page>
            <form-error-page>/error.xhtml</form-error-page>
        </form-login-config>
    </login-config>

These are tables in database

create table HR.users(
name varchar(50),
user_name varchar(50) primary key,
user_pass varchar(50) not null,
phone varchar (14),
address varchar(100),
)

create table HR.user_roles (
  user_name         varchar(50) not null foreign key references HR.users(user_name),
  role_name varchar(50) not null CHECK (role_name = 'Applicant' OR role_name = 'Manager' OR role_name = 'SME' or role_name = 'HRPersonnel')

  primary key (user_name, role_name)
  );

Catalina.log has 1 warning but no error.

22-Apr-2017 19:00:21.929 WARNING [main] org.apache.catalina.startup.ClassLoaderFactory.validateFile Problem with directory [C:\Program Files\Java\apache-tomcat-9.0.0.M13\bin\com.microsoft.sqlserver.jdbc.SQLServerDriver], exists: [false], isDirectory: [false], canRead: [false]
Solution

  • I don't know why but 

    <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>

    was not working, I changed CONFIDENTIAL to NONE and it started to work.