Hello,
I'm having an issue with testing BASIC authentication with 3.2.3.
Althought the window prompting for username and password appear,
regardless of the values it always allows access to the requested page.
Can anyone point me in the right direction. I am currently using JBOSS
with embedded tomcat 3.2.3, but have also tried this on standalone
3.2.3. Is this just a version problem? Here are the relevant contents
of my web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>ABC</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>abc</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ABCRealm</realm-name>
</login-config>
My tomcat-users.xml:
<user name="roland" password="tutu22" roles="its" />
Your help is appreciated! Thanks!
