You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by ed banfa <e_...@yahoo.com> on 2002/09/26 15:08:11 UTC
Security Constraint and Server.xml and Login Config
Hi ,
How is everyone doing, hope ok.
I have this problem with trying to use Basic authentication with my web app. I have Tomcat 4.1.10 up and running on win 2000 machine using j2sdk1.4.
Tomcat is listening on port 8443 for SSL connnections. I would like the browser to display a login box to the user when the user attempts to access a protected resource. When I try to check/test the app, It allows me into the restricted area with out having to log in. I expect to be promted to enter a user name and a password but hey nothing like thats happens. What am I doing wrong????.
Please if u can help me out I will appreciate it
Below is what my web.xml looks like. The manager role is the same role name I specified in tomcat-users.xml
<web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>
Secure Area
</web-resource-name>
<url-pattern>/secure/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
<role-name>tomcat</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>manager</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>User Basic Authentication</realm-name>
</login-config>
</web-app>
Thanks in advance
Edward
---------------------------------
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!