You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Jon Skeet <jo...@peramon.com> on 2000/10/11 12:23:49 UTC

Is tomcat-users.xml still used under Tomcat 3.2?

Under Tomcat 3.1 I certainly had *problems* with security constraints,
but at least it knew who the users were. I now have the following
tomcat-users.xml file in my conf directory:

<tomcat-users>
  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="role1"  password="tomcat" roles="role1"  />
  <user name="both"   password="tomcat" roles="tomcat,role1" />
  <user name="admin" password="secret" roles="administrator" />
</tomcat-users>

(This is only for testing purposes, of course :)

In web.xml for a certain web-app I have:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Configuration</web-resource-name>
        <url-pattern>/infconfig/*</url-pattern>
        <url-pattern>/appconfig/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>administrator</role-name>
      </auth-constraint>
    </security-constraint>

Sure enough, trying to access infconfig/index.html pops up a dialog box
- but entering user "admin" and password "secret" doesn't get me any further,
when it used to on Tomcat 3.1. Any ideas what's changed?

Jon, knowing he'll get at least *one* reply to this ;)