RE: Authentication without authorisation

Wed, 27 Aug 2003 15:18:26 +0000 

Thanks!
I've tried this!
It runs!!!

-----Original Message-----
From: John Holman [mailto:[EMAIL PROTECTED]
Sent: Mittwoch, 27. August 2003 13:40
To: Tomcat Users List
Subject: Re: Authentication without authorisation


Krause

   <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>

Will require authentication but not authorisation.

John.


Krause Karin wrote:

>Hi all,
>I've got a question regarding authentication. I wish to do
>authentication without authorisation. So this means everybody
>should be free to access my web-resource but I wish to know who it is.
>Therefore the accessing user must login.
>As probably everybody knows
>here I can configure that by means of a security-constraint/login-config in my 
>web.xml file.
>Here is a little example:
><security-constraint>
>               <web-resource-collection>
>                       <web-resource-name>Protect the Helloworld 
> example</web-resource-name>
>                       <description/>
>                       <url-pattern>/servlet/HelloWorldExample</url-pattern>
>                       <url-pattern>/servlet/SessionExample</url-pattern>
>                       <http-method>POST</http-method>
>                       <http-method>GET</http-method>
>               </web-resource-collection>
></security-constraint>
><login-config>
>               <auth-method>BASIC</auth-method>
>               <realm-name>public</realm-name>
></login-config>
>
>Please remark that no auth-constraint is defined, because anybody should
>have free access to this web-resource. So what I need is authentication without 
>authorisation. 
>The problem is that only if I define some auth-constraint in the security-constraint 
>the
>authenticate method of the Authenticator will be invoked. I think that the J2EE 
>Standard
>makes no restriction that authentication can only be used in combination with 
>authorisation.
>Am I wrong? Or is this a Tomcat bug?
>
>Cheers Karin
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to