Hello all,
I'm ready to pull my hair out getting the security constraint to work.
Basically, I need to forward all traffic except one directory to the https
port. I've got it to work if I use the url-pattern of /*. However, when I
specify the patterns to accomplish the task, nothing matches
, when I turned on security-constraint,my
images would show up for a split second then they would disappear. The
spots where they should be would not even work as a link like they are
setup to be. If you use Firefox it works fine. It works fine being
served up on a windows XP pc with tomcat 5.0.30
I have a new servlet which I've created - whenever you try to access
this servlet, I get the security certificate dialog box (do you want
to accept this certificate). However, this application has no
security constraint in its web.xml file - I don't know why it's trying
to serve up a certificate
, this application has no
security constraint in its web.xml file - I don't know why it's trying
to serve up a certificate. In addition, you have to click 'yes' on
the security dialog three times, as if it's trying to serve the
certificate three times in a row. And, in the end, it doesn't take
the user
--
security-constraint
!--A description for identification by you. In
real world might be
Salesmen Area. Or Admin Only--
display-nameExample Security
Constraint/display-name
web-resource-collection
web-resource-nameProtected
Area/web-resource-name
!-- Define
--
security-constraint
!--A description for identification by you. In
real world might be
Salesmen Area. Or Admin Only--
display-nameExample Security
Constraint/display-name
web-resource-collection
web-resource-nameProtected
Area/web-resource-name
!-- Define
]
Subject: security-constraint to limit jsp access
I have a struts 1.2.4 webapp in which I'm trying to hide my jsp's from being
accessed directly. Instead of throwing them in the WEB-INF folder, I'd
rather just restrict access to them through the security-constraint in the
web.xml.
I
I have a struts 1.2.4 webapp in which I'm trying to hide my jsp's from being
accessed directly. Instead of throwing them in the WEB-INF folder, I'd
rather just restrict access to them through the security-constraint in the
web.xml.
I recently read that adding:
security-constraint
Jay,
I think you need the auth-constraint tags.
!--Starts the section. Located after jsp-config near end of file--
security-constraint
!--A description for identification by you. In real world might be
Salesmen Area. Or Admin Only--
display-nameExample Security Constraint/display-name
-pattern
/servlet-mapping
...
!-- JAAS Security Realm config --
security-constraint
web-resource-collection
web-resource-nameSecure Struts Actions/web-resource-name
url-pattern*.sec.do/url-pattern
/web-resource-collection
auth-constraint
]
Sent: Monday, October 18, 2004 10:08 AM
To: [EMAIL PROTECTED]
Subject: problem with security-constraint with Tomcat 5
I'm looking into migrating our project from Tomcat 4.1.30 to Tomcat
5.0.28.
We're also using Tiles and Struts 1.1. The problem is that Tomcat 5
seems
to be confused with a url
: problem with security-constraint with Tomcat 5
Hi,
Could this be something that changed (or rather, was clarified) in the
Servlet Spec between version 2.3 (which Tomcat 4.x implements) and 2.4
(which Tomcat 5.x implements)? ;)
Yoav Shapira http://www.yoavshapira.com
-Original Message-
From
On Mon, 18 Oct 2004 10:45:23 -0400, Mercado . Maria [EMAIL PROTECTED] wrote:
Thanks for the suggestion, Yoav. I looked but I didn't see anything that stated
that a url pattern with 2 dots is illegal.
Most systems I am aware of consider that the extension is the last
dot. Otherwise, it starts
18, 2004 7:45 AM
Subject: RE: problem with security-constraint with Tomcat 5
Thanks for the suggestion, Yoav. I looked but I didn't see anything that
stated that a url pattern with 2 dots is illegal.
- Cecile Mercado
-Original Message-
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
Sent
Hello
I am running apache 2.0.46 with SSL with tomcat/mod_jk2, white box
linux. I do not have tomcat running SSL on 8443.
So I have this issue with my app... I am securing my app with the
security-constraint tag in web.xml (connected to mysql backend),
it works perfectly with the url-pattern
not have tomcat running SSL on 8443.
So I have this issue with my app... I am securing my app with the
security-constraint tag in web.xml (connected to mysql backend),
it works perfectly with the url-pattern/clients.jsp/url-pattern.
clients.jsp is a https:// uri, therefore my apache SSL
Goodmorning all,
Can I set a security constraint saying that i need to protect all except a directory
or a certain file?
My folder tree is quite like this one:
myApp
|
+ - - /images/
|
+ - - /WEB-INF/
|
+ -- *.jsp files
Well, what I need is to protect all
help to configure a secure application.
I'm trying to request a client certificate in one page only (the rest should
be accesible without presenting a certificate) and force to use SSL in the
entire application.
I put the following in the web.xml
security-constraint
web-resource-collection
I need help to configure a secure application.
I'm trying to request a client certificate in one page only (the rest should
be accesible without presenting a certificate) and force to use SSL in the
entire application.
I put the following in the web.xml
security-constraint
web
in the
entire application.
I put the following in the web.xml
security-constraint
web-resource-collection
web-resource-namecertificates/web-resource-name
url-pattern/certificates/add.action/url-pattern
http-methodGET/http-method
http-methodPOST
the following in the web.xml
security-constraint
web-resource-collection
web-resource-namecertificates/web-resource-name
url-pattern/certificates/add.action/url-pattern
http-methodGET/http-method
http-methodPOST/http-method
/web
certificate in one page only (the rest should
be accesible without presenting a certificate) and force to use SSL in the
entire application.
I put the following in the web.xml
security-constraint
web-resource-collection
web-resource-namecertificates/web-resource-name
Hello, how are you?
I need help to configure a secure application.
I am trying to request client certificate in only one page and force to
use SSL in the entire application.
I put the following in the web.xml
security-constraint
web-resource-collection
web-resource
: Re: Overlapping security-constraint definitions?
It's true that how Overlapping security-constraints are handled has
changed between TC 4 TC 5 (since they changed in the servlet-spec),
but that's not what is causing your problem.
[snip
I recently moved from Tomcat 4 to 5, and have discovered that the
handling of overlapping security-constraint definitions in web.xml seems
to have changed. I am hoping someone can recommend the best way to
accomplish what I need to do under TC5.
I have two possible user roles. All users have
all of
your edit* URLs.
Craig Berry [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
I recently moved from Tomcat 4 to 5, and have discovered that the
handling of overlapping security-constraint definitions in web.xml seems
to have changed. I am hoping someone can recommend the best way
Hello there,
I use the classic Tomcat 5.0.18 without any modif.
I would like to protect a subset of my webapp. to do so, I did the following stuffs:
- I configured my Tomcat to accept SSL
- I added a security-constraint in web.xml
I am facing the following problems:
1. the url-pattern /frwk
to log into each web app separately.
I.e. if conf/web.xml contains a security constraint that such as
security-constraint
display-nameSite access constraint/display-name
web-resource-collection
web-resource-nameProtected
Area/web-resource-name
]
Sent: Wednesday, May 26, 2004 11:53 AM
To: Tomcat Users List
Subject: Can webapps 'share' a security-constraint?
I'd like users to be able to login once and get access to several web
apps. Is it possible for web apps to 'share' a security-contraint?
I've tried putting the constraint into conf
Look at the SingleSignOn valve.
-Original Message-
From: Barnet Wagman [mailto:[EMAIL PROTECTED]
Sent: 26 May 2004 16:53
To: Tomcat Users List
Subject: Can webapps 'share' a security-constraint?
I'd like users to be able to login once and get access to several web
apps
I am trying to configure my application so that everything has to be
encrypted. I was able to do that by using the security constraint at the
bottom of this message. I've had this working for awhile without a problem.
However, now, I want to add an additional restriction. I want to make it so
Jonathan Eric Miller [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
I am trying to configure my application so that everything has to be
encrypted. I was able to do that by using the security constraint at the
bottom of this message. I've had this working for awhile without
I have Apache2 running as the front end handling all the client PKI
authentication.
Then Tomcat 4.1 using security constraints in the web.xml.
Now I use jk to connect them together and it works fine, sort of.
I can access protected files inside of Tomcat from Apache. Specifically any
file
I have a web application which uses a security-constraint in the deployment
descriptor.
My lone url-pattern in my web-resource-collection is for my welcome page.
This has worked well enough.
However, now I wish to access a specific URL, a servlet that produces pdf
documents, bypassing
What does tomcat do to ensure that you're logged in
while using the j_security_check ?
We're trying to transition users from non-logged in to
logged in, but we've got a fair amt. of portions of
the site that should be accessible from both states
(non-logged in and logged in)
Is there something,
On 03/12/2004 03:34 PM Paul Tomsic wrote:
What does tomcat do to ensure that you're logged in
while using the j_security_check ?
We're trying to transition users from non-logged in to
logged in, but we've got a fair amt. of portions of
the site that should be accessible from both states
no, my question wasn't whether request.getRemoteUser()
returns null or not. HOW, specifically,
does tomcat populate that information using the
j_security_check and the security-constraint nodes in
the web.xml???
__
Do you Yahoo!?
Yahoo! Mail - More reliable
How would I get Tomcat to use a database table instead of the web or server
.xml files' security-constraint.auth-constraint.role-name to enforce
authorization? I would prefer to have objects in my webapp to have
configurable authorization applied to them outside of tomcat configuration
files; Done
method's getPrincipal, getRemoteUser, or
isUserInRole to decide ig the user can do what you want.
The jey point is the servlet spec only places security constraint on the
*incoming* URL. (for 2.3 -- tomcat 4.x)
-Tim
John MccLain wrote:
How would I get Tomcat to use a database table instead
Brandon Goodin [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
I have the following security constraint specified in my web.xml:
security-constraint
web-resource-collection
web-resource-nameCustomer Area/web-resource-name
url-pattern/customer/*/url-pattern
I have the following security constraint specified in my web.xml:
security-constraint
web-resource-collection
web-resource-nameCustomer Area/web-resource-name
url-pattern/customer/*/url-pattern
/web-resource-collection
auth-constraint
role-namecustomer
META-INF/web.xml of my application with:
security-constraint
web-resource-collection
web-resource-namesescam/web-resource-name
url-pattern/sescam/Comun/LoginUsuario.jsp/url-pattern
/web-resource-collection
user-data-constraint
transport-guaranteeCONFIDENTIAL
The tag security-constraint is related with Realm authenticator, not
with SSL security.
Juan.
-Mensaje original-
De: Mariano [mailto:[EMAIL PROTECTED]
Enviado el: jueves, 19 de febrero de 2004 10:11
Para: [EMAIL PROTECTED]
Asunto: security-constraint not work in Tomcat 5.0.18 ?
Hi all
ok, then, How can i force tomcat using hppts with some jsp pages?
Thanks
Mariano López
-Mensaje original-
De: Juan de Bravo [mailto:[EMAIL PROTECTED]
Enviado el: jueves, 19 de febrero de 2004 10:17
Para: 'Tomcat Users List'
Asunto: RE: security-constraint not work in Tomcat 5.0.18
Try this in your WEB-INF\web.xml application file
security-constraint
web-resource-collection
web-resource-nameHTMLManger and Manager command/web-resource-name
url-pattern/*.jsp/url-pattern
http-methodGET/http-method
http-methodPOST/http-method
It doesn't work, i can acces this pages using http and i like to force
access https for this pages.
Thanks
-Mensaje original-
De: Juan de Bravo [mailto:[EMAIL PROTECTED]
Enviado el: jueves, 19 de febrero de 2004 10:41
Para: 'Tomcat Users List'
Asunto: RE: security-constraint not work
connectionTimeout=2
useURIValidationHack=false disableUploadTimeout=true /
Juan.
-Mensaje original-
De: Mariano [mailto:[EMAIL PROTECTED]
Enviado el: jueves, 19 de febrero de 2004 11:31
Para: 'Tomcat Users List'
Asunto: RE: security-constraint not work in Tomcat 5.0.18
disableUploadTimeout=true /
Could it be a tomcat bug in 5.0.18 ?
-Mensaje original-
De: Juan de Bravo [mailto:[EMAIL PROTECTED]
Enviado el: jueves, 19 de febrero de 2004 11:40
Para: 'Tomcat Users List'
Asunto: RE: security-constraint not work in Tomcat 5.0.18 ?
Hi Mariano,
I 've proved
regarding this aspect).
I have declared a security-constraint with no (empty element) assigned
roles for a whole subdirectory containing my JSP pages and other stuff:
url-pattern/s/*/url-pattern. Now direct access to this directory and
the
pages is not possible anymore, everything has
Hi,
I have a strange problem with my Struts-Webapp (nightly build) on 5.0.18 -
every TC version before worked like expected (4.1.x as well as 5.1.x. but
maybe I'm getting the SERVLET2.4 spec wrong, and some changes have been made
to 5.0.18 regarding this aspect).
I have declared a security
(4.1.x as well as 5.1.x. but
maybe I'm getting the SERVLET2.4 spec wrong, and some changes have been
made
to 5.0.18 regarding this aspect).
I have declared a security-constraint with no (empty element) assigned
roles for a whole subdirectory containing my JSP pages and other stuff:
url
Hi,
I have a strange problem with my Struts-Webapp (nightly build) on 5.0.18 -
every TC version before worked like expected (4.1.x as well as 5.1.x. but
maybe I'm getting the SERVLET2.4 spec wrong, and some changes have been made
to 5.0.18 regarding this aspect).
I have declared a security
://localhost/timesheet/login.jsp;. Also, I had a check at the top fo the
login.jsp page to redirect via HTTPS if the connection wasn't secure. Then I found
out about the security-constraint element in my application's web.xml. Under
5.0.16, I added the security-constraint element to my web.xml
I (accidently) figured out the problem with the security-constraint. The problem
was in the Connector definition for port 80 in server.xml. The excerpt from
server.xml that I posted was correct because it was inadvertently from the 5.0.16
installation. (The editor helpfully remembered
I thought it would be a good idea to have a place to learn while I have
my server on-line business uses. In my server.xml I have two sessions
running. One should answer on 8080 and the other off port 80 through
mod_jk/apache. I am testing a simple BASIC auth setup and for some
reason the app
://myserver:3306/mydatabase
driverName=org.gjt.mm.mysql.Driver roleNameCol=role_name
userCredCol=user_password userNameCol=user_name
userRoleTable=user_roles userTable=users /)
Database and corresponding tables exists
2. modify the web.xml to add a security-constraint tag (
security-constraint
web
the web.xml to add a security-constraint tag (
security-constraint
web-resource-collection
web-resource-nameArea de pruebas de
seguridad/web-resource-name
url-pattern/cosa.jsp/url-pattern
url-pattern/test.jsp/url-pattern
http-methodDELETE
Hi everybody,
Im using the security-constraint feature of Tomcat. Everything works well, but I
dont know how to retrieve the login entered during authentication to use it throughout
my application... Have you guys done this before ?
thx
My login page is specified in my web.xml:
login-config
First of all, I am not sure that you need realm-name
in teh web.xml if you user form-based authentication.
You may use getRemoteUser() to get the name of the
user.
--- Giselle Dazzi [EMAIL PROTECTED] wrote:
Hi everybody,
Im using the security-constraint feature of
Tomcat. Everything works
Giselle,
Im using the security-constraint feature of Tomcat. Everything
works well, but I dont know how to retrieve the login entered during
authentication to use it throughout my application... Have you guys
done this before ?
What you want is request.getUserPrincipal(). This will return
See the HttpServletRequest class. (getRemoteUser() or getUserPrincipal())
-Tim
Giselle Dazzi wrote:
Hi everybody,
Im using the security-constraint feature of Tomcat. Everything works well, but I dont know how to retrieve the login entered during authentication to use it throughout my
: Christopher Schultz [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Tuesday, November 04, 2003 8:58 PM
Subject: Re: security-constraint question
Giselle,
Im using the security-constraint feature of Tomcat. Everything
works well, but I dont know how to retrieve the login entered during
Thanks guys, I got it...
- Original Message -
From: Giselle Dazzi [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Tuesday, November 04, 2003 10:29 PM
Subject: Re: security-constraint question
Im having a hard time calling those methods, I guess I need to create
Caroline:
Tomcat authentication will not work if you store your usernames in a
JDBC source and your user roles in $TOMCAT_HOME/conf/tomcat-users.xml.
You must store the users and roles in the same JDBC source. Do you
store your roles in table user_roles?
Please post your security-constraint
%20Realm
As long as I have the JDBCRealm in
the server.xml, the Tomcat does not accept
security-constraint specified in the application's
web.xml file. And the Tomcat cannot find my
application.
Following your advice, I moved the Realm
declaration outside of the Context declaration
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#Configuring%20a%20Realm
As long as I have the JDBCRealm in
the server.xml, the Tomcat does not accept
security-constraint specified in the
application's
web.xml file. And the Tomcat cannot find my
application
applications behave wierd after I
configured
the
JDBCRealm. After experimenting in many
different
ways, I found that as long as I have the
JDBCRealm
in
the server.xml, the Tomcat does not accept
security-constraint specified in the
application's
web.xml file. Please help me.
My configuration
that as long as I have the JDBCRealm in
the server.xml, the Tomcat does not accept
security-constraint specified in the application's
web.xml file. Please help me.
My configuration in the $TOMCAT_HOME/conf/sever.xml is
shown below:
Engine
Host
Context
Realm className=org.apache.catalina.realm.JDBCRealm
Caroline Jen wrote:
My applications behave wierd after I configured
the
JDBCRealm. After experimenting in many different
ways, I found that as long as I have the JDBCRealm
in
the server.xml, the Tomcat does not accept
security-constraint specified in the
application's
web.xml file. Please
, the Tomcat does not accept
security-constraint specified in the
application's
web.xml file. Please help me.
My configuration in the
$TOMCAT_HOME/conf/sever.xml is
shown below:
Engine
Host
Context
Realm
className=org.apache.catalina.realm.JDBCRealm
debug=99
driverName=com.mysql.jdbc.Driver
Tim:
Before I posted my questions regarding the
problem that I encountered, I have gone through
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#Configuring%20a%20Realm
As long as I have the JDBCRealm in
the server.xml, the Tomcat does not accept
security-constraint
the JDBCRealm in
the server.xml, the Tomcat does not accept
security-constraint specified in the application's
web.xml file. And the Tomcat cannot find my
application.
Following your advice, I moved the Realm
declaration outside of the Context declaration into
the Host declaration, and my
My applications behave wierd after I configured the
JDBCRealm. After experimenting in many different
ways, I found that as long as I have the JDBCRealm in
the server.xml, the Tomcat does not accept
security-constraint specified in the application's
web.xml file. Please help me.
My configuration
with mod_jk2 -- using apache
2.0x and tomcat 4.1.24. It's running fast, and stable. However, I'm having
some problems with securing the app. Here's the deal.
Security is configured at the application level (i.e. tomcat application)
using the security-constraint configurations in the application
to
/controller?action=withdraw
can only be made by member of the group admin.
How can I protect these resources? If I try to use
security-constraint
web-resource-collection
web-resource-nameListAccounts/web-resource-name
descriptionThe pages/description
) using the
security-constraint configurations in the application specific web.xml file. Works
fine going straight to tomcat ( via port 8080). All files are locked down.
However, I find that going through Apache, via mod_jk2, only the files that are
specified in the workers2.properties are actually
Perhaps you should try using distinct directories instead? That should work
a little more cleanly.
Todd
- Original Message -
From: [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Friday, August 29, 2003 3:01 AM
Subject: Broken?: security constraint for actions
Hello
security-constraint
web-resource-collection
web-resource-nameListAccounts/web-resource-name
descriptionThe pages/description
url-pattern/controller?action=withdraw/url-pattern
/web-resource-collection
auth-constraint
role-nameadmin
to be the minimal configuration
for achieving security) to our web.xml file:
security-constraint
web-resource-collection
web-resource-name
Tutta IPMS
/web-resource-name
/web-resource-collection
/security-constraint
Unfortunately, at startup Tomcat refuses the above lines saying, in its log
the servlet specification from Sun for the full DTD
-Original Message-
From: tito santini [mailto:[EMAIL PROTECTED]
Sent: 28 August 2003 15:24
To: Tomcat Users List
Subject: Tomcat 4.0.3: security-constraint error in web.xml
Dear all,
we actually have this very boring problem on Tomcat
Here's another good resource
http://edocs.bea.com/wls/docs61/webapp/webappdeployment.html#1012209
Cheers
-Original Message-
From: tito santini [mailto:[EMAIL PROTECTED]
Sent: 28 August 2003 15:24
To: Tomcat Users List
Subject: Tomcat 4.0.3: security-constraint error in web.xml
Dear
=DEST
value=%= endPoints [1] %
/applet
As I said above, the jar file is located in the same folder as the jsp.
All of the pages are part of the folder pattern defined in the tag:
security-constraint
web-resource-collection
web-resource-nameSGS Authorized Pages/web
Hi,
I have a serlvet that is used to download a file to the client.
I am using Tomcat 4.1.24, with IE6.
All is fine when no security-constraint is applied in the deployment
descriptor, but when I introduce such a constraint the file cannot be
downloaded. I recieve the error:
Internet Explorer
wrote:
Hi,
I have a serlvet that is used to download a file to the client.
I am using Tomcat 4.1.24, with IE6.
All is fine when no security-constraint is applied in the deployment
descriptor, but when I introduce such a constraint the file cannot be
downloaded. I recieve the error:
Internet Explorer
ah the old IE + SSL + cacheing problem ;)
I am not using SSL,
I haveadding the suggested code it does not
solve the problem...
Cheers
Rob
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL
ah the old IE + SSL + cacheing problem ;)
This seems to solve the problem:
response.setHeader(Cache-Control, public);
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Cool. Was just writing a response about the headers tomcat adds when
using a security restraint. But you've already worked it out...
I've only seen the problem when using IE with SSL + security constraint
but i guess it's more of a general problem. :(
Jon
Rob Tomlin wrote:
ah the old IE + SSL
The security constraint I am adding is screwing up my web.xml. After adding
the contraint tomcat cannot find my taglibs. Any ideas? (web.xml below)
Thanks,
Euan
?xml version=1.0 encoding=ISO-8859-1?
!DOCTYPE web-app
PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN
Euan,
If you look at the DTD 2.3 specs, the security constraint and
login-confi entries have to be placed after the taglib entries. It's
very picky about tags being in the correct order.
Hope that helps.
__
John Rishea
Avaya, Inc.
(303) 538-4503
-Original Message-
From
Thanks John - solved.
-Original Message-
From: John Rishea [mailto:[EMAIL PROTECTED]
Sent: 14 June 2003 16:46
To: Tomcat Users List
Subject: RE: security constraint web.xml
Euan,
If you look at the DTD 2.3 specs, the security constraint and
login-confi entries have to be placed after
Hi all
My conf:
Tomcat 4.1.18 LE JDK1.4
Apache 2.0.44 with openssl
mod_jk
I want to secure a JSP page, but not with authentication, only with HTTPS
support.
So i added the lines in WEB.XML
security-constraint
web-resource-collection
web-resource-nameTest securing JSP pages/web-resource
Hi!
Does anybody know a method to remove a role from a security constraint
during runtime? I need this for disabling logins for ordinary users during
special maintenance inside the application.
cu,
boris
--
Dipl.-Inf. Boris Folgmann mailto:[EMAIL PROTECTED]
Folgmann IT-Consulting
Hi,
If I have the following configuration:
security-constraint
web-resource-collection
web-resource-namesite/web-resource-name
url-pattern/secret/*/url-pattern
/web-resource-collection
auth-constraint
role-nameadministrator/role-name
/auth-constraint
/security-constraint
:[EMAIL PROTECTED]
Inviato: martedi 4 marzo 2003 12.03
A: Tomcat Users List
Oggetto: Bypassing security-constraint in 4.0.2
Hi,
If I have the following configuration:
security-constraint
web-resource-collection
web-resource-namesite/web-resource-name
url-pattern/secret/*/url
* Simone Chiaretta ([EMAIL PROTECTED]) wrote :
Don't know
probably it's bug of 4.0.2
it's a very old release... I've 4.0.4, I tried bypassing the security to
test if I'm affected too
but it always ask me authentication
I suggest that u upgrade to a newer release of the server
Hi,
Sadly
Programmer
SBD Consultants
http://www.sbdconsultants.com
- Original Message -
From: Felipe Crochik [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, February 09, 2003 21:34
Subject: IIS+Tomcat security constraint = Unauthorized: Logon Failed
I am trying to use the tomcat security
the Unauthorized: Logon Failed error page regardless the valid
user and password).
I know the ISAPI filter is working because if I remove the security
constraint from tomcat I can get to it and I know the tomcat security
constraint is working because if I can get to it using the stand alone
port
: IIS+Tomcat security constraint = Unauthorized: Logon Failed
Yes. I have defined the user, password and role and everything else needed
to make it work on tomcat. What seems to be the problem is that IIS is
trying to authenticate the user by itself instead of forwarding the
user/password
:[EMAIL PROTECTED]]
Sent: Monday, February 10, 2003 3:50 PM
To: Tomcat Users List
Subject: Re: IIS+Tomcat security constraint = Unauthorized: Logon Failed
Can you authenticate through the Tomcat standalone port? Or does that
fail
as well?
What method of authentication are you using? BASIC or DIGEST
Message -
From: Felipe [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Sent: Monday, February 10, 2003 14:39
Subject: RE: IIS+Tomcat security constraint = Unauthorized: Logon Failed
Yes. I can authenticate through the tomcat standalone port.
I am using the BASIC with a MemoryRealm
1 - 100 of 151 matches
Mail list logo