You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Posta Winsome <a....@winsome.it> on 2001/04/20 12:52:49 UTC
Tomcat Authentication doesn't seem to work at all!
Hi all.
Sorry, but I'm a newby in Tomcat Authentication, so I have some problems in
my first test......
In my web application, the file web.xml contains the following lines:
<security-constraints>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>my-html-document.html</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraints>
<role-name>my-role-name</role-name>
</auth-constraints>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraints>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>VPOAdmin</realm-name>
</login-config>
but despite this, I can always reach the html document in my web root.
The same if I write:
<url-pattern>/my-web-root/my-html-document.html</url-pattern>
<url-pattern>/my-web-root/*</url-pattern>
<url-pattern>*</url-pattern>
.........
the browser *NEVER* prompt me for users and password!
I'm really going mad!
I use Tomcat 3.2.1 in a Linux RH 6.2 box
Any help?
Thanks in advance.