On Wed, 25 Jul 2001, zze-messager FTM balr002 wrote:
> Is anyone can give me an exemple of a a digest authentification? a
> form ? a basic ? Is is possible to decalre two groups of users with
> differents authorizations ?
>
The standard Tomcat "/examples" webapp includes a URL that is protected by
form-based authentication. Try the following URL:
http://localhost:8080/examples/jsp/security/protected/index.jsp
Other notes of interest:
* Tomcat 3.2 does not support DIGEST authentication, although 4.0 does.
* The login method used is declared on a per-webapp basis, using
the <login-config> element in the "/WEB-INF/web.xml" file. You will
also need to add appropriate security constraints to define what
URLs are protected. See the servlet spec for more information:
http://java.sun.com/products/servlet/download.html
* How Tomcat actually looks up users and roles is something you can
configure in the server.xml file (in a manner that is Tomcat version
dependent). By default, Tomcat loads an XML file at starutp time
from (conf/tomcat-users.xml), but this is just a proof of concept --
real applications would use the JDBCRealm feature in order to tell
Tomcat to load users and roles from a database. (Under Tomcat 4, you
can also use JNDIRealm to access a directory server).
> Delphine
>
Craig McClanahan