You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Russell Allen <ra...@emageon.com> on 2000/12/08 19:00:31 UTC

User Authentication config (Tomcat vs. Apache)

Greetings all,
    I am having trouble getting authorization to work for a web-app in Tomcat.  I would appreciate any advise I can get.  Here is my case:

I am using Apache 1.3.12 & Tomcat 3.2 (I also want 3.1 to work)
I have a webapp deployed entirely under Tomcat/webapps/ecims

I want user authentication to happen on ANY file, servlet, jsp, etc... in that webapp.

This is what I have done, and the effect:

I added this to my Tomcat/webapps/ecims/web-inf/web.xml file:
<security-constraint>
  <web-resource-collection>
   <web-resource-name>Protected Area</web-resource-name>
   <url-pattern>/*</url-pattern>
   <http-method>DELETE</http-method>
   <http-method>GET</http-method>
   <http-method>POST</http-method>
   <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
   <role-name>ecims</role-name>
  </auth-constraint>
 </security-constraint>
 <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Example Basic Authentication Area</realm-name>
 </login-config>

When I hit my index page, I got the Auth dialog from IE.  (great! It works...)
Then as I browsed through all is well... until I hit an Applet.  The Applet loading caused another auth dialog BUT it was a java based dialog.  And it continued popping up java dialogs for my auth info.  It asks about 6 or 8 times, and it hit about 30-40 urls.  ALL of these connections are back to servlets in my webapp (ecims).
My only thoughts are... I am using the Java plugin and maybe it is connecting directly to the server instead of using IE.  This would explain it not having the previously entered user and password.  However it does not explain why I get asked several times for what is the same URL (excluding parameters).

I thought I would try using Apache security:
I did set it up but it is ignored if I use port 8080 (Tomcat for me).  If I use 80 (Apache) then it asks and works for static content of my web-app but any dynamic content fails to load.

Thoughts, comments, and pointers are all welcome. Thanks in advance.

RA.


Russell Allen
Sr. Software Engineer
Emageon
(205) 980-9222x605