2 Replies Latest reply on Jun 29, 2004 9:52 AM by gortz

Auth. problems with tomcat

gortz Jun 29, 2004 5:14 AM

Hi!

I've got a war file which I would like to protect through username and password authentication. I've added the following in web.xml in the .war file:
<security-constraint>
<web-resource-collection>
<web-resource-name>
Protected Site
</web-resource-name>

<url-pattern> /* </url-pattern>

<http-method> DELETE </http-method>
<http-method> GET </http-method>
<http-method> POST </http-method>
<http-method> PUT </http-method>
</web-resource-collection>
<auth-constraint>

<role-name> viewer </role-name>
</auth-constraint>
</security-constraint>


<login-config>
<auth-method> BASIC </auth-method>
<realm-name> Example Basic Authentication </realm-name>
</login-config>


<security-role>
Test role
<role-name> viewer </role-name>
</security-role>

Also I have added a file called tomcat-users. xml in the jbossweb-tomcat41.sar/META-INF folder, looking like this:

<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>

</tomcat-users>

When a type the URL for the .war I do get a authentication screen from IE but it passes me on to the war file's index.html regardless of what login I do give.

1. Re: Auth. problems with tomcat

jgettle Jun 29, 2004 8:57 AM (in response to gortz)

You're posting in the wrong forum.

Take a look here. It's a great example of how to enable basic auth on a web application in jboss/tomcat.
Actions
2. Re: Auth. problems with tomcat

gortz Jun 29, 2004 9:52 AM (in response to gortz)

Hi!

I've done the exact thing to jmx-console but it generates a different situation since it doesn't let me login at all. When I try to do the same thing to my .war-file it still lets me lgin regardless of what I type in the login box... what do I do wrong?

Another question; Which forum should I use?

BR
Anders
Actions

Go to original post