You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "David M. Karr" <dm...@earthlink.net> on 2001/06/11 06:48:19 UTC

Simple test of BASIC authentication seems to bypass login dialog

I'm working through examples in "Professional JSP - 2nd Edition".  Almost
everything I've tried, using Tomcat4b5, worked on the first try.

I'm now looking at the authentication examples.  There is a simple example of
an application that uses BASIC authentication.  It has a "web.xml" that
specifies the "security-constraint" with a "web-resource-collection", and a
"login-config" that specifies an "auth-method of "BASIC".  There is also a
simple "index.jsp" that prints out the current "AuthMethod".  The example also
shows a sample "tomcat-users.xml" to authenticate against.

When I try to access the "index.jsp" from a browser (NS4.7 & IE5), it never
displays a login dialog, and the output from "index.jsp" says the "AuthMethod"
is "null".  I looked at the log files, and I see that it prints out my
"web-resource-name" correctly, so I know it's reading my "web.xml" file, and
getting at least one data item out of it.

I looked through the tomcat-users archive, and I didn't notice anything like
this.

I'd appreciate it if someone could lead me in the right direction to understand
why this is happening.

An excerpt from the application log file is:
------------------------
2001-06-10 12:31:23 StandardContext[/ch16b]: Starting completed
2001-06-10 12:31:32 Authenticator[/ch16b]: Security checking request GET /ch16b/index.jsp
2001-06-10 12:31:32 Authenticator[/ch16b]:  Subject to constraint SecurityConstraint[Entire Application]
2001-06-10 12:31:32 Authenticator[/ch16b]:  Calling checkUserData()
2001-06-10 12:31:32 Authenticator[/ch16b]:  Successfully passed all security constraints
2001-06-10 12:31:32 StandardContext[/ch16b]: Mapping contextPath='/ch16b' with requestURI='/ch16b/index.jsp' and relativeURI='/index.jsp'
2001-06-10 12:31:32 StandardContext[/ch16b]: Decoded relativeURI='/index.jsp'
2001-06-10 12:31:32 StandardContext[/ch16b]:  Mapped to servlet 'jsp' with servlet path '/index.jsp' and path info 'null' and update=true
------------------------

"index.jsp" follows:
------------------------
<html>
 <head>
  <title>Protected Area Page</title>
 </head>
 <body>
  <%
   out.println("<h2>Authentication Mechanism " + request.getAuthType() + "</h2>");
  %>
 </body>
</html>
------------------------

web.xml:
------------------------
<?xml version="1.0" ?>
<!DOCTYPE web-app
   PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
   "http://java.sun.com/j2ee/dtds/web-app_2_3.dtd">
<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>Entire Application</web-resource-name>
   <url-pattern>/*</url-pattern>
  </web-resource-collection>
 </security-constraint>
 <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>ProJSP Authentication Example</realm-name>
 </login-config>
</web-app>
------------------------

-- 
===================================================================
David M. Karr          ; Best Consulting
dmkarr@earthlink.net   ; Java/Unix/XML/C++/X ; BrainBench CJ12P (#12004)