You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Urtzi Larrazabal <ur...@esi.es> on 2002/06/06 11:00:57 UTC

Restricting Access to Web Resources


Hi friends,

I am trying to protect my application with an authentification but I don't know why my security constraint is ignored. When I access to the application I'm not prompted for a user and a password. Does anyone know what am I doing wrong?


#cd webapps/Myaplicaion/WEB-INF
#more web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">


<web-app>

        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>
                                Restricted Area
                        </web-resource-name>
                        <url-pattern>/Myaplication/*</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                        <role-name>tomcat</role-name>
                </auth-constraint>
        </security-constraint>


        <login-config>
                <auth-method>BASIC</auth-method>
                <realm-name>My Secure Test Area</realm-name>
        </login-config>

</web-app>


regards,

Urtzi Larrazabal

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>