2 Replies Latest reply on Jun 29, 2004 9:52 AM by Anders Görtz

    Auth. problems with tomcat

    Anders Görtz Newbie

      Hi!

      I've got a war file which I would like to protect through username and password authentication. I've added the following in web.xml in the .war file:
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>
      Protected Site
      </web-resource-name>
      <!-- This would protect the entire site -->
      <url-pattern> /* </url-pattern>
      <!-- If you list http methods,
      only those methods are protected -->
      <http-method> DELETE </http-method>
      <http-method> GET </http-method>
      <http-method> POST </http-method>
      <http-method> PUT </http-method>
      </web-resource-collection>
      <auth-constraint>
      <!-- Roles that have access -->
      <role-name> viewer </role-name>
      </auth-constraint>
      </security-constraint>

      <!-- BASIC authentication -->
      <login-config>
      <auth-method> BASIC </auth-method>
      <realm-name> Example Basic Authentication </realm-name>
      </login-config>

      <!-- Define security roles -->
      <security-role>
      Test role
      <role-name> viewer </role-name>
      </security-role>

      Also I have added a file called tomcat-users. xml in the jbossweb-tomcat41.sar/META-INF folder, looking like this:

      <?xml version="1.0" encoding="UTF-8"?>
      <tomcat-users>

      </tomcat-users>

      When a type the URL for the .war I do get a authentication screen from IE but it passes me on to the war file's index.html regardless of what login I do give.