Hi all,
I have a couple questions / misunderstandings that I hope you can help me
with. The first is in regards to http BASIC authentication in a web
application.
Basically, I have done the following:
(this is all within a particular application)
META-INF/principals.xml
<principals>
<groups>
<group name="admin">
<description>test</description>
</group>
</groups>
<users>
<user deactivated="false" password="admin" realname="Administrators"
username="admin">
<group-membership group="admin" />
</user>
</users>
</principals>
META-INF/application.xml
. . .
<security-role>
<role-name>admin</role-name>
</security-role>
. . .
web-app/WEB-INF/web.xml
. . .
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin</web-resource-name>
<url-pattern>/admin/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
</auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Administration</realm-name>
</login-config>
<security-role>
<description>Administrators</description>
<role-name>admin</role-name>
</security-role>
. . .
Now, when I attempt to browse to http://localhost/test/admin (test is the
app dir mapping) I get the following
In Netscape 4.6, 4.7, and 4.72, everything works as expected, I get the
login prompt, type in the information, and It grants me access to the page
In Netscape 6pr1 I simply get 401 Unauthorized (with no attempt by the
browser to allow me to log in)
In IE 5 I get the samy 401 Unauthorized error as in Netscape 6pr1, again
with no attempt to log me in.
Could someone point me to the CORRECT way to implement BASIC authentication
on a url-pattern? I must be doing something wrong because I have
implemented this successfully in the past (0.8.x) but have been unable to do
it now.
Thanks again,
Jeff
