I am tyring to set understand the various user authentication schemes available under Tomcat 3.3.
I would like to eventually be able to use JDBCRealm with mysql. I found the instructions on the tomcat site, but so far I have been unsusccessful to get it to work. So I thought I would first try SimpleRealm but even after following the examples provided, I can't get this to work either! I would appreciate any suggestions! I used the example under the JSP files that includes a protected area using form login. I copied almost exactly, for some reason, whenever I reference the protected area in my browser, it never invokes the authentication and pop-up a form..... SIMPLE REALM 1) Created a new web app and used ant to distribute to TOMCAT webapps with the following structure chi2002/ /demos /accepts /proofs /rejects Browsing to http://localhost:8080/chi2002/ works great. Below I tried to protect the URL /chi2002/demos/* so if I browse to a file such as http://localhost:8080/chi2002/index.html or http://localhost:8080/chi2002 shouldn't the FORM login pop-up? The FORM never appears and requires a login. So what am I Missing?? 2) web.xml for this app is: <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd"> <web-app> <!-- General description of your web application --> <display-name>chi2002</display-name> <description> CHI2002 DEMO FILES </description> <servlet> <servlet-name>XMLTransformServlet</servlet-name> <description> </description> <servlet-class>com.ge.crd.smg.tg.XMLTransformServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>XMLTransformServlet</servlet-name> <url-pattern>/XMLTransformServlet</url-pattern> </servlet-mapping> <security-constraint> <web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <!-- Define the context-relative URL(s) to be protected --> <url-pattern>/chi2002/demos/*</url-pattern> <!-- If you list http methods, only those methods are protected --> <http-method>DELETE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <!-- Anyone with one of the listed roles may access this area --> <role-name>chi2002</role-name> </auth-constraint> </security-constraint> <!-- Default login configuration uses BASIC authentication --> <!-- <login-config> <auth-method>BASIC</auth-method> <realm-name>Example Basic Authentication Area</realm-name> </login-config> --> <!-- Form-based login is enabled by default. If you wish to try Basic authentication, comment out the <login-config> section below and uncomment the one above. --> <login-config> <auth-method>FORM</auth-method> <realm-name>Example Form-Based Authentication Area</realm-name> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config> </web-app> 3) Created apps-chi2002.xml for <Context>: <?xml version="1.0" encoding="ISO-8859-1"?> <webapps> <Context path="/chi2002" docBase="webapps/chi2002" crossContext="false" debug="1" reloadable="true" > <SimpleRealm filename="conf/users/chi2002-users.xml" /> <!-- <JDBCRealm debug="99" driverName="org.gjt.mm.mysql.Driver" connectionURL="jdbc:mysql://localhost/authority" connectionName="mysql" connectionPassword="mysql02" userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name" /> --> </Context> </webapps> 4) Created conf/users/chi2002-users.xml <tomcat-users> <user name="sigchi" password="sigchi" roles="chi2002" /> </tomcat-users> > Bowden > g GE Global Research Center > >___________________________________________________________________________________________________ > ________________ G. Bowden Wise mailto:[EMAIL PROTECTED] Information and Decision Technologies GE Global Research Center Building K1, Room 5B2C PO Box 8 | One Research Circle Schenectady, NY 12301 | Niskayuna NY 12309 Fax: 518-387-6104 -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>