Have you turned on the SingleSignOn valve in server.xml?
-Paul
Mark Shaw wrote:
>I'm hoping someone can shed some light on a particular behavior I'm
>experiencing with BASIC authentication and session cookies:
>
>I've set up my servlet to use BASIC authentication and I'm using my own very
>simple realm implementation:
>    protected String getPassword(String username) { return "tomcat"; }
>    protected Principal getPrincipal(String username) {
>        List roles = new ArrayList();
>        roles.add("test");
>        return new GenericPrincipal(this, "tomcat", "tomcat", roles);
>    }
>
>I have a Java client that connects to my servlet via a URL connection,
>identical to the code in org.apache.catalina.ant.AbstractCatalinaTask,
>passing in "tomcat" for user and password in the first request which works
>great! In subsequent requests I pass back the sessionID (in a cookie
>labeled "jsessionid"...) instead of the BASIC authentication, but my request
>fails ["This request requires HTTP authentication (Unauthorized)"] although
>my session ID is recognized by the servlet. I figured my initial
>authentication was cached so that I only needed to send the session ID and
>not pass the authentication string in the header each time - this seems to
>be the behavior of the Manager App when I dump its Request/Response headers.
>Any ideas how I can accomplish this from a Java client: only sending
>authentication once, then using the session ID cookie from then on? What's
>even stranger is that if I pass both the BASIC authentication header and my
>session ID every time it works great and my session is recognized, but my
>realm methods (see above) are never called, so the authentication must be
>stashed somewhere?
>
>Thanks for any help,
>-Mark
>