Basic Authentication w/ Tomcat 3.1

[Ha...@gmx.net]

Hi,

I'm trying to get the Basic Authentication work w/ Tomcat 3.1. I use the
following web.xml and server.xml files.

web.xml:
...
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/admin</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>tomcat</role-name>
    <role-name>myRole</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Authentication Area</realm-name>
</login-config>
...

server.xml:
...
<Context path="/test" 
  docBase="jakarta-context" 
  debug="9" 
  reloadable="true">
</Context>
...

The jakarta-context directory contains the two folders admin and client. If
I use http://localhost:8080/test i will get the list with those two folders,
which is ok. If I use http://localhost:8080/test/admin I get the login box
and after I entered the name and password I get the page with two folders
again, even the URL says http://localhost:8080/test/admin. If don't use the Basic
Authentication I get to the admin site.
It works fine with Tomcat 3.2, but it should run on Tomcat 3.1 ... don't ask
me why, I have no idea :-)

Any ideas what is wrong?
Thanks in advance.

Regards,
Juergen

-- 
Sent through GMX FreeMail - http://www.gmx.net

Re: Basic Authentication w/ Tomcat 3.1

["Craig R. McClanahan" <Cr...@eng.sun.com>]

Hanke.J@gmx.net wrote:

> It works fine with Tomcat 3.2, but it should run on Tomcat 3.1 ... don't ask
> me why, I have no idea :-)

This is one of the many bugs in Tomcat 3.1.  If you want to use container managed
security, you need to use 3.2 or later.

>
> Any ideas what is wrong?
> Thanks in advance.
>
> Regards,
> Juergen
>

Craig McClanahan