Posted to users@tomcat.apache.org by Eric <li...@spazquest.org> on 2005/07/22 22:33:45 UTC

basic authentication won't accept password (intermittent)

Hello,

My client has a password-protected folder (as shown in the snippet from 
my web.xml below). The problem is that, when accessing a protected 
resource (/members/jobs/index.html), it sometimes asks for the login 
several times before returning the requested page. (This is using BASIC 
authentication, so the browser pops up a dialog in response to the 401.) 
Occasionally it gives up and shows the 401 Unauthorized error page instead.

This problem is reproducible across several browsers on Windows 2000 
(IE6, Firefox, Opera, lynx ...). The Authorization header is the same 
for both successful and unsuccessful requests.

Hosting provider's environment:
Linux 2.4.24 on i686
Apache 2.0.47
Tomcat 5.5.4
Java: Blackdown-1.4.2-rc1

In server.xml, I've increased maxThreads to 250, although this is not a 
high-volume site. (Obviously I'm shooting in the dark at this point ;-)

My questions are: (1) Where should we look for misconfiguration, whether 
in my app or in the hosting environment? (2) Is there any other 
explanation for this behavior?

This is my first Tomcat site in production, so hopefully it's a 
configuration problem. I appreciate any suggestions!

Thanks,
Eric:)

======= from my web.xml =======

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Members Area</realm-name>
</login-config>

<security-role>
    <description>Authorized members</description>
    <role-name>members</role-name>
</security-role>

<security-constraint>
    <!-- the admin sections -->
    <web-resource-collection>
        <web-resource-name>Search Engine</web-resource-name>
        <url-pattern>/jsp/admin/*</url-pattern>
    </web-resource-collection>
    <web-resource-collection>
        <web-resource-name>Data Listing</web-resource-name>
        <url-pattern>/list.do</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>

<security-constraint>
    <!-- the members-only section -->
    <web-resource-collection>
        <web-resource-name>members area</web-resource-name>
        <url-pattern>/members/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>members</role-name>
    </auth-constraint>
</security-constraint>
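
One way to measure the symptom described in the message above, added here as an example and not part of the original post: replay one fixed Authorization header against the protected URL and tally the status codes. `FlakyHandler` and the `member` / `example-password` credentials are constructed stand-ins so the block runs offline; `probe` can be pointed at the real `/members/jobs/index.html` URL instead.

```python
import base64, collections, http.server, threading
import urllib.error, urllib.request
# Connect directly: ignore any proxy environment variables.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def basic_header(user, password):
    """Build the Authorization value a browser sends for BASIC auth."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def probe(url, header, attempts=20):
    """Send the identical header `attempts` times and tally status codes."""
    tally = collections.Counter()
    for _ in range(attempts):
        req = urllib.request.Request(url, headers={"Authorization": header})
        try:
            with OPENER.open(req, timeout=10) as resp:
                tally[resp.status] += 1
        except urllib.error.HTTPError as err:  # 401 and other error codes
            tally[err.code] += 1
    return tally

class FlakyHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in: rejects every third request despite valid auth."""
    expected = basic_header("member", "example-password")  # constructed
    count = 0
    def do_GET(self):
        FlakyHandler.count += 1
        good = self.headers.get("Authorization") == self.expected
        if good and FlakyHandler.count % 3:
            self.send_response(200)
        else:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="Members Area"')
        self.end_headers()
    def log_message(self, *args):  # keep the demo quiet
        pass

def demo(attempts=9):
    with http.server.HTTPServer(("127.0.0.1", 0), FlakyHandler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            url = f"http://127.0.0.1:{server.server_port}/members/jobs/index.html"
            return probe(url, FlakyHandler.expected, attempts)
        finally:
            server.shutdown()

if __name__ == "__main__":
    print(dict(demo()))
```

A tally that mixes 200 and 401 for one unchanged header takes the browser out of the picture and gives a failure rate to compare before and after each configuration change.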

