Security Constraint and Server.xml and Login Config

[ed banfa <e_...@yahoo.com>]

Hi ,

How is everyone doing, hope ok.

I have this problem with trying to use Basic authentication with my web app. I have Tomcat 4.1.10 up and running on win 2000 machine using j2sdk1.4.

Tomcat is listening on port 8443 for SSL connnections. I would like the browser to display a login box to the user when the user attempts to access a protected resource. When I try to check/test the app, It allows me into the restricted area with out having to log in. I expect to be promted to enter a user name and a password but hey nothing like thats happens. What am I doing wrong????.

 

Please if u can help me out I will appreciate it

Below is what my web.xml looks like. The manager role is the same role name I specified in tomcat-users.xml

<web-app>

<security-constraint>

<web-resource-collection>

<web-resource-name>

Secure Area

</web-resource-name>

<url-pattern>/secure/*</url-pattern>

</web-resource-collection>

<auth-constraint>

<role-name>manager</role-name>

<role-name>tomcat</role-name>

</auth-constraint>

</security-constraint>

<security-role>

<role-name>manager</role-name>

</security-role>

<login-config>

<auth-method>BASIC</auth-method>

<realm-name>User Basic Authentication</realm-name>

</login-config>

</web-app>

 

Thanks in advance 

Edward

 



---------------------------------
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!