You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "David M. Karr" <dm...@earthlink.net> on 2001/06/11 06:48:19 UTC
Simple test of BASIC authentication seems to bypass login dialog
I'm working through examples in "Professional JSP - 2nd Edition". Almost
everything I've tried, using Tomcat4b5, worked on the first try.
I'm now looking at the authentication examples. There is a simple example of
an application that uses BASIC authentication. It has a "web.xml" that
specifies the "security-constraint" with a "web-resource-collection", and a
"login-config" that specifies an "auth-method of "BASIC". There is also a
simple "index.jsp" that prints out the current "AuthMethod". The example also
shows a sample "tomcat-users.xml" to authenticate against.
When I try to access the "index.jsp" from a browser (NS4.7 & IE5), it never
displays a login dialog, and the output from "index.jsp" says the "AuthMethod"
is "null". I looked at the log files, and I see that it prints out my
"web-resource-name" correctly, so I know it's reading my "web.xml" file, and
getting at least one data item out of it.
I looked through the tomcat-users archive, and I didn't notice anything like
this.
I'd appreciate it if someone could lead me in the right direction to understand
why this is happening.
An excerpt from the application log file is:
------------------------
2001-06-10 12:31:23 StandardContext[/ch16b]: Starting completed
2001-06-10 12:31:32 Authenticator[/ch16b]: Security checking request GET /ch16b/index.jsp
2001-06-10 12:31:32 Authenticator[/ch16b]: Subject to constraint SecurityConstraint[Entire Application]
2001-06-10 12:31:32 Authenticator[/ch16b]: Calling checkUserData()
2001-06-10 12:31:32 Authenticator[/ch16b]: Successfully passed all security constraints
2001-06-10 12:31:32 StandardContext[/ch16b]: Mapping contextPath='/ch16b' with requestURI='/ch16b/index.jsp' and relativeURI='/index.jsp'
2001-06-10 12:31:32 StandardContext[/ch16b]: Decoded relativeURI='/index.jsp'
2001-06-10 12:31:32 StandardContext[/ch16b]: Mapped to servlet 'jsp' with servlet path '/index.jsp' and path info 'null' and update=true
------------------------
"index.jsp" follows:
------------------------
<html>
<head>
<title>Protected Area Page</title>
</head>
<body>
<%
out.println("<h2>Authentication Mechanism " + request.getAuthType() + "</h2>");
%>
</body>
</html>
------------------------
web.xml:
------------------------
<?xml version="1.0" ?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_3.dtd">
<web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ProJSP Authentication Example</realm-name>
</login-config>
</web-app>
------------------------
--
===================================================================
David M. Karr ; Best Consulting
dmkarr@earthlink.net ; Java/Unix/XML/C++/X ; BrainBench CJ12P (#12004)