Hello,

My client has a password-protected folder (as shown in the snippet from my web.xml below). The problem is that, when accessing a protected resource (/members/jobs/index.html), it sometimes asks for the login several times before returning the requested page. (This is using BASIC authentication, so the browser pops up a dialog in response to the 401.) Occasionally it gives up and shows the 401 Unauthorized error page instead.

This problem is reproducible across several browsers on Windows 2000 (IE6, Firefox, Opera, lynx ...). The Authorization header is the same for both successful and unsuccessful requests.

Hosting provider's environment:
Linux 2.4.24 on i686
Apache 2.0.47
Tomcat 5.5.4
Java: Blackdown-1.4.2-rc1

In server.xml, I've increased maxThreads to 250, although this is not a high-volume site. (Obviously I'm shooting in the dark at this point ;-)

My questions are: (1) Where should we look for misconfiguration, whether in my app or in the hosting environment? (2) Is there any other explanation for this behavior?

This is my first Tomcat site in production, so hopefully it's a configuration problem. I appreciate any suggestions!

Thanks,
Eric:)

======= from my web.xml =======

<login-config>
   <auth-method>BASIC</auth-method>
   <realm-name>Members Area</realm-name>
</login-config>

<security-role>
   <description>Authorized members</description>
   <role-name>members</role-name>
</security-role>

<security-constraint>
   <!-- the admin sections -->
   <web-resource-collection>
       <web-resource-name>Search Engine</web-resource-name>
       <url-pattern>/jsp/admin/*</url-pattern>
   </web-resource-collection>
   <web-resource-collection>
       <web-resource-name>Data Listing</web-resource-name>
       <url-pattern>/list.do</url-pattern>
   </web-resource-collection>
   <auth-constraint>
       <role-name>admin</role-name>
   </auth-constraint>
</security-constraint>

<security-constraint>
   <!-- the members-only section -->
   <web-resource-collection>
       <web-resource-name>members area</web-resource-name>
       <url-pattern>/members/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
       <role-name>members</role-name>
   </auth-constraint>
</security-constraint>
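
Added example, not part of the original post: a consistency check for the snippet above, which uses the role `admin` in an `<auth-constraint>` but shows a `<security-role>` declaration only for `members` (the full web.xml may declare it elsewhere). The sample document is a condensed, constructed copy of the posted fragment wrapped in an assumed `<web-app>` root, and `audit_roles` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraints from the post, condensed and wrapped in
# a <web-app> root (assumption: the post shows only a fragment of web.xml).
SAMPLE_WEB_XML = """<web-app>
  <security-role><role-name>members</role-name></security-role>
  <security-constraint>
    <web-resource-collection><url-pattern>/jsp/admin/*</url-pattern></web-resource-collection>
    <web-resource-collection><url-pattern>/list.do</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/members/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>members</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def _local(tag):
    """Drop any XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit_roles(web_xml_text):
    """Return (declared_roles, {undeclared_role: [url-patterns it guards]})."""
    root = ET.fromstring(web_xml_text)
    declared, undeclared = set(), {}
    constraints = []
    for el in root:
        if _local(el.tag) == "security-role":
            declared.update(r.text.strip() for r in el if _local(r.tag) == "role-name")
        elif _local(el.tag) == "security-constraint":
            constraints.append(el)
    for sc in constraints:
        patterns = [e.text.strip() for e in sc.iter() if _local(e.tag) == "url-pattern"]
        for ac in (e for e in sc if _local(e.tag) == "auth-constraint"):
            for role in (r.text.strip() for r in ac if _local(r.tag) == "role-name"):
                # "*" means "all declared roles" and needs no declaration itself.
                if role not in declared and role != "*":
                    undeclared.setdefault(role, []).extend(patterns)
    return declared, undeclared


if __name__ == "__main__":
    print(audit_roles(SAMPLE_WEB_XML))
```

An empty second value means every role used in a constraint is declared; a non-empty one lists the URL patterns guarded by a role the descriptor never declares.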

