Thanks! I've tried this! It runs!!!

-----Original Message-----
From: John Holman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 27 August 2003 13:40
To: Tomcat Users List
Subject: Re: Authentication without authorisation

Krause

<auth-constraint>
  <role-name>*</role-name>
</auth-constraint>

Will require authentication but not authorisation.

John.

Krause Karin wrote:

>Hi all,
>I've got a question regarding authentication. I wish to do
>authentication without authorisation. So this means everybody
>should be free to access my web-resource but I wish to know who it is.
>Therefore the accessing user must login.
>As probably everybody knows
>here I can configure that by means of a security-constraint/login-config in my
>web.xml file.
>Here is a little example:
><security-constraint>
>  <web-resource-collection>
>    <web-resource-name>Protect the Helloworld example</web-resource-name>
>    <description/>
>    <url-pattern>/servlet/HelloWorldExample</url-pattern>
>    <url-pattern>/servlet/SessionExample</url-pattern>
>    <http-method>POST</http-method>
>    <http-method>GET</http-method>
>  </web-resource-collection>
></security-constraint>
><login-config>
>  <auth-method>BASIC</auth-method>
>  <realm-name>public</realm-name>
></login-config>
>
>Please remark that no auth-constraint is defined, because anybody should
>have free access to this web-resource. So what I need is authentication without
>authorisation.
>The problem is that only if I define some auth-constraint in the
>security-constraint the authenticate method of the Authenticator will be
>invoked. I think that the J2EE Standard makes no restriction that
>authentication can only be used in combination with authorisation.
>Am I wrong? Or is this a Tomcat bug?
>
>Cheers Karin
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
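
Added example (not part of the thread and not Tomcat code): a small Python check that reads a web.xml and reports, for each security-constraint, whether a login will be triggered. It goes beyond the two cases in the thread by also covering named roles and an empty auth-constraint, which the Servlet specification (2.4 and later) treats as deny-all; the function names, verdict labels and trimmed sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (trimmed): the constraint from the question,
# which has no auth-constraint, and the same one with the reply's element added.
QUESTION_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protect the Helloworld example</web-resource-name>
      <url-pattern>/servlet/HelloWorldExample</url-pattern>
      <url-pattern>/servlet/SessionExample</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>public</realm-name>
  </login-config>
</web-app>"""

REPLY_XML = QUESTION_XML.replace(
    "  </security-constraint>",
    "    <auth-constraint>\n      <role-name>*</role-name>\n"
    "    </auth-constraint>\n  </security-constraint>",
)

def local(tag):
    """Drop any XML namespace so DTD-based and schema-based files both parse."""
    return tag.rsplit("}", 1)[-1]

def classify(web_xml):
    """Return [(url_patterns, verdict)] for every security-constraint."""
    results = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        patterns = [(e.text or "").strip() for e in sc.iter()
                    if local(e.tag) == "url-pattern"]
        auth = [e for e in sc if local(e.tag) == "auth-constraint"]
        roles = [(e.text or "").strip() for a in auth for e in a
                 if local(e.tag) == "role-name"]
        if not auth:
            verdict = "no-login"           # question's case: authenticator never runs
        elif "*" in roles:
            verdict = "login-any-role"     # reply's fix: login required
        elif roles:
            verdict = "login-named-roles"  # login plus role check
        else:
            verdict = "deny-all"           # empty auth-constraint (Servlet 2.4+)
        results.append((patterns, verdict))
    return results
```

Running `classify` over a deployed descriptor shows at a glance which URL patterns sit behind a constraint that will never prompt for credentials.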