You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jon Skeet <jo...@peramon.com> on 2000/10/11 12:23:49 UTC
Is tomcat-users.xml still used under Tomcat 3.2?
Under Tomcat 3.1 I certainly had *problems* with security constraints,
but at least it knew who the users were. I now have the following
tomcat-users.xml file in my conf directory:
<tomcat-users>
<user name="tomcat" password="tomcat" roles="tomcat" />
<user name="role1" password="tomcat" roles="role1" />
<user name="both" password="tomcat" roles="tomcat,role1" />
<user name="admin" password="secret" roles="administrator" />
</tomcat-users>
(This is only for testing purposes, of course :)
In web.xml for a certain web-app I have:
<security-constraint>
<web-resource-collection>
<web-resource-name>Configuration</web-resource-name>
<url-pattern>/infconfig/*</url-pattern>
<url-pattern>/appconfig/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>administrator</role-name>
</auth-constraint>
</security-constraint>
Sure enough, trying to access infconfig/index.html pops up a dialog box
- but entering user "admin" and password "secret" doesn't get me any further,
when it used to on Tomcat 3.1. Any ideas what's changed?
Jon, knowing he'll get at least *one* reply to this ;)