Tom Cat
2008-08-18 19:56:37 UTC
Hello,
I am trying to set up basic HTTP authentication with Tomcat. I modified
the web.xml file in the project's WEB-INF folder. Here is the
relevant portion:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID"
    version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>
        Admin
      </web-resource-name>
      <url-pattern>/myAdmin/admin.html</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name><security-roles>admin</security-roles></role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Admin System</realm-name>
  </login-config>
</web-app>
I think this should be enough to require authentication when someone
goes to http://localhost:8080/myAdmin/admin.html on the local machine.
And yet, it allows everyone access to the page, without even prompting
for any sort of authentication. Anyone have an idea why?
Thanks
---------------------------------------------------------------------
To start a new topic, e-mail: ***@tomcat.apache.org
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
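
Added example, not part of the original post and not Tomcat's own code: a small Python check for a Servlet 2.5 web.xml that flags a url-pattern repeating the context path (patterns are matched relative to the context root), a role-name holding child elements instead of plain text, and a role with no security-role declaration. The context path /myAdmin is an assumption read from the URL in the post, the sample descriptor is a constructed, trimmed copy of the posted one, and the function name lint is hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/javaee"}

# Constructed sample: the constraint from the post, trimmed to the relevant elements.
POSTED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin</web-resource-name>
      <url-pattern>/myAdmin/admin.html</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name><security-roles>admin</security-roles></role-name>
    </auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""


def lint(web_xml, context_path):
    """Return a list of findings for the security-constraints in a web.xml string."""
    root = ET.fromstring(web_xml)
    declared = {(r.text or "").strip()
                for r in root.findall("j:security-role/j:role-name", NS)}
    findings = []
    for sc in root.findall("j:security-constraint", NS):
        for up in sc.findall("j:web-resource-collection/j:url-pattern", NS):
            pat = (up.text or "").strip()
            # Patterns are relative to the context root, so the context path
            # must not be repeated inside them.
            if context_path and (pat + "/").startswith(context_path + "/"):
                findings.append(f"url-pattern {pat} repeats context path {context_path}")
        for rn in sc.findall("j:auth-constraint/j:role-name", NS):
            name = (rn.text or "").strip()
            if len(rn):  # role-name is a plain string in the schema
                child = rn[0].tag.split("}")[-1]
                findings.append(f"role-name contains element <{child}>, expected text")
            elif name != "*" and name not in declared:
                findings.append(f"role {name} has no matching security-role declaration")
    return findings


if __name__ == "__main__":
    # Assumption: the application is deployed under /myAdmin (not stated in the post).
    for finding in lint(POSTED, "/myAdmin"):
        print(finding)
```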