<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi there,
> I would like to set up my development tomcat-5.0.28 (on port 8080) so that
> all webapps that are not password protected, to have password
> authentification. Since it is my dev box I would like to use the memory
> realm.
> I have this in my web.xml:
> <security-constraint>
> <web-resource-collection>
> <url-pattern>/*</url-pattern>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> </web-resource-collection>
> <auth-constraint role-name="admin"/>
It's:
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
What you have (other than being invalid, if validation-checking was enabled
:), tells Tomcat to forbid access to everyone.
> <user-data-constraint>
> <transport-guarantee>NONE</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
> <login-config>
> <auth-method>BASIC</auth-method>
> </login-config>
>
> I have this in my tomcat-users.xml:
> <tomcat-users>
> <role rolename="tomcat"/>
> <role rolename="role1"/>
> <role rolename="manager"/>
> <role rolename="admin"/>
> <user username="mylogin" password="mypassword"
> roles="admin,manager,role1"/>
> </tomcat-users>
> If I go to http://localhost:8080/manager it asks me to login and then
> gives me access to the webapp as expected. If I go to
> http://localhost:8080/ it asks me to login and if I get it wrong is gives
> me a 401 error as expected but if I get it right it gives me a 403 error
> instead of allowing access to the webapp. This happens with all webapps
> that do not have their own authentication.
> How do I configure tomcat to give me access to my webapps when I login
> correctly?
> Thanks,
> Paul
> --
> Paul Mackinlay (PhD, MEng)
> http://www.webotech.co.uk/
> [EMAIL PROTECTED]
> Tel: +44(0)7050 699971
> Fax: +44(0)7050 699972
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
