You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by teknokrat <te...@yahoo.com> on 2005/04/22 21:39:28 UTC
why is my security not working?
I have placed the following context file
<Context path="/myAdmin"
cachingAllowed="false"
cacheTTL="0"
cacheMaxSize="0"
swallowOutput="false"
>
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" debug="5"/>
</Context>
and i have added to web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin</web-resource-name>
<url-pattern>/myAdmin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>me</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Admin</realm-name>
</login-config>
<security-role>
<description>The role</description>
<role-name>me</role-name>
</security-role>
Yet, I can still access the webapp without tomcat asking for a username
and password. I have added the role and users to tomcat-users.xml too.
thanks
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: why is my security not working?
Posted by teknokrat <te...@yahoo.com>.
Whew, that worked. Thanks!
Do I still need the realm setting in my context file or not? and should
it refer to UserDatabaseRealm or MemoryRealm?
Mark Thomas wrote:
> try:
> <web-resource-collection>
> <web-resource-name>Admin</web-resource-name>
> <url-pattern>/*</url-pattern>
> </web-resource-collection>
>
> You don't need to include the context in your url patterns.
>
> Mark
>
> teknokrat wrote:
>
>> I have placed the following context file
>>
>> <Context path="/myAdmin"
>> cachingAllowed="false"
>> cacheTTL="0"
>> cacheMaxSize="0"
>> swallowOutput="false"
>> >
>> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>> debug="5"/>
>> </Context>
>>
>> and i have added to web.xml
>>
>> <security-constraint>
>> <web-resource-collection>
>> <web-resource-name>Admin</web-resource-name>
>> <url-pattern>/myAdmin/*</url-pattern>
>> </web-resource-collection>
>> <auth-constraint>
>> <role-name>me</role-name>
>> </auth-constraint>
>> </security-constraint>
>> <login-config>
>> <auth-method>BASIC</auth-method>
>> <realm-name>Admin</realm-name>
>> </login-config>
>> <security-role>
>> <description>The role</description>
>> <role-name>me</role-name>
>> </security-role>
>>
>> Yet, I can still access the webapp without tomcat asking for a
>> username and password. I have added the role and users to
>> tomcat-users.xml too.
>>
>> thanks
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: why is my security not working?
Posted by Mark Thomas <ma...@apache.org>.
try:
<web-resource-collection>
<web-resource-name>Admin</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
You don't need to include the context in your url patterns.
Mark
teknokrat wrote:
> I have placed the following context file
>
> <Context path="/myAdmin"
> cachingAllowed="false"
> cacheTTL="0"
> cacheMaxSize="0"
> swallowOutput="false"
> >
>
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> debug="5"/>
>
> </Context>
>
> and i have added to web.xml
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Admin</web-resource-name>
> <url-pattern>/myAdmin/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>me</role-name>
> </auth-constraint>
> </security-constraint>
>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>Admin</realm-name>
> </login-config>
>
> <security-role>
> <description>The role</description>
> <role-name>me</role-name>
> </security-role>
>
> Yet, I can still access the webapp without tomcat asking for a username
> and password. I have added the role and users to tomcat-users.xml too.
>
> thanks
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: why is my security not working?
Posted by teknokrat <te...@yahoo.com>.
I should mention I am on tomcat 5.0.28
teknokrat wrote:
> I have placed the following context file
>
> <Context path="/myAdmin"
> cachingAllowed="false"
> cacheTTL="0"
> cacheMaxSize="0"
> swallowOutput="false"
> >
>
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> debug="5"/>
>
> </Context>
>
> and i have added to web.xml
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Admin</web-resource-name>
> <url-pattern>/myAdmin/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>me</role-name>
> </auth-constraint>
> </security-constraint>
>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>Admin</realm-name>
> </login-config>
>
> <security-role>
> <description>The role</description>
> <role-name>me</role-name>
> </security-role>
>
> Yet, I can still access the webapp without tomcat asking for a username
> and password. I have added the role and users to tomcat-users.xml too.
>
> thanks
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org