TC 3.3.1 authentication roles - what is going on?

[Christopher Mark Balz <Ch...@yahoo.com>]

    It seems that to get good authentication whilst tying one role to 
one web app (so only one designated user can use a given designated 
webapp), I must assign two roles to the designated user: an arbitary 
role, and a role of "deployer", and omit or comment out the role of 
"deployer" in web.xml:

     <auth-constraint>
       <role-name>
      dentalExpert0
   </role-name>
     <!-- role-name>
       deployer
     </role-name -->
     </auth-constraint>

In this case, the user "Dr. Alan H" is assigned to be a deployer. 
 Authentication does not work well without this.  I tried creating a 
dummy deployer, paired with dentalExpert0, but that did not work (it's 
commented out below).  At least now, however, I can get good 1-1 
authentication.  I am running across two browser frames, and because 
document.domain assignments do not seem to mollify the furiously buggy 
Tomcat, I have had to submit to requiring the user to log-in twice, once 
for each frame.  That is, until I change web servers.  Anyone have any 
idea of how to explain TC 3.3.1's curious behavior?

<tomcat-users>
  <user name="root" password="xxxxx" 
roles="tomcat,role1,tomcat_admin,tomcat_root" />
  <user name="guest" password="xxxxx" roles="demo_user" />
  <user name="Chris" password="xxxx" roles="deployer" />
  <!-- user name="Chris0" password="xxxx" roles="deployer0" / -->
  <user name="Dr. Alan H" password="xxxxx" roles="dentalExpert0,deployer" />
</tomcat-users>

-- 
". . . / This Cabinet is formd of Gold / And Pearl & Crystal shining bright
And within it opens into a World / . . .
Another England there I saw / Another London with its Tower
Another Thames & other Hills / And another pleasant Surrey Bower
. . ."
- from "The Crystal Cabinet", a poem by William Blake.



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>