This content has been marked as final. Show 6 replies
I'm seeing the same thing. A webapp will run with BASIC authentication on JBoss-3.2.1, but fails with JBoss-3.2.1_tomcat-4.1.24. Any ideas?
I think I have resolved the issue. You can find a detailed explanation here http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22617.
Basically, what breaks things is supporting the unauthenticated identity. Obviously tomcat tries to authenticate request that have no "Authentication" header (instead of having the browser prompt for credentials first) and thus you are always identified as the unauthenticated identity.
As a workaround, I have defined my application-policy in login-config.xml twice: once with unauthenticatedIdentity (used as realm by EJBs) and once without unauthenticatedIdentity, used in jboss-web.xml and thus for tomcat.
Thanks! I'll give it a try.
Could anyone of you let me know how to get basic authentication to work with JBoss 3.2.1/Tomcat 4.1.24?
A set of files that needs to be edited/configured would be sufficient!
Thanks in advance.
Ok, I got it to work at last..
1. create a jboss-web.xml under WEB-INF directory of war file
2. Provide security-domain for the webapp in this file
other elements as needed
This security domain needs to be defined in conf/login-config.xml file
3. edit web.xml of the war file to provide security-constraint, login-config and security-role elements as appropriate. Here is a sample snippet..
<realm-name>A Descriptive name for the realm</realm-name>
4. create a users.properties and roles.properties and place it under WEB-INF/classes directory of the war file
And this worked.
I just have one question here - should the web-resource-name elements value match the name of the war file exactly?
Yeah looks like in <web-resource-name>XXX</web-resource-name> XXX must be the name of you war minus the .war.
Without that I just keep getting told that my username/password is incorrect.