Hi Thomas,
I am also having a similiar problem in our system. I am
using HTTPClient jar as http client.Our product is running on tomcat
3.2.3+Apache1.3. (Windows NT)
1)Pls look at the following code.
HTTPConnection httpcon = new HTTPConnection(url);
httpcon.addBasicAuthorization(es,username,password);
even though the above code exists for Basic Authorization, it is still
popping up
java dialog box asking username and passoword.
Why the console popping up?..
2)here i set userinteraction to false and commented the authorization
code, now it is not popping up the java console.But the system running
properly and gets the required data without asking username and password.
HTTPConnection httpcon = new HTTPConnection(url);
httpcon.setAllowUserInteraction(false);
//httpcon.addBasicAuthorization(es,username,password);
How is it possible?..Is there security hole with the site?...
NOTE:
I should enter username and password when i tried to access the
site thro browser.Otherwise it is throwing error.
Any help would be appreciated...
thanks,
Ramkumar
- Original Message -
From: Thomas Muller [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, February 17, 2003 3:50 PM
Subject: Tomcat 3.2.1: Basic authentication and Win 2000
Hi,
When I try to apply basic authentication to an area, Win 2000 pops up with
a
login dialog that requires windows credentials (or something). It seems
like
Windows refuses do allow Tomcat to do authentication alone. Without any
knowledge of Tomcat internals, I guess it's the AccessInterceptor that
controls the behaviour (or at least tries to):
RequestInterceptor
className=org.apache.tomcat.request.AccessInterceptor
/
I've tried to define the windows login credentials in tomcat-users.xml,
allow the actual Tomcat service to run as that user etc etc. Nothing
helps.
Can't log in.
security-constraint
web-resource-collection
web-resource-nameProtected Area/web-resource-name
url-pattern/server/*/url-pattern
/web-resource-collection
auth-constraint
role-namembxadmin/role-name
/auth-constraint
/security-constraint
!-- Default login configuration uses BASIC authentication
login-config
auth-methodBASIC/auth-method
realm-nameBasic Authentication Area/realm-name
/login-config
How can I instruct win 2000 (or Tomcat) to override the OS specific
behaviour?
Any input on this would be much appreciated.
--
Thomas
*
Copyright ERA Technology Ltd. 2002. (www.era.co.uk). All rights reserved.
The information supplied in this Commercial Communication should be
treated
in confidence.
No liability whatsoever is accepted for any loss or damage
suffered as a result of accessing this message or any attachments.
This email has been scanned for all viruses by the MessageLabs SkyScan
service. For more information on a proactive anti-virus service working
around the clock, around the globe, visit http://www.messagelabs.com
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]