Have you turned on the SingleSignOn valve in server.xml?

-Paul

Mark Shaw wrote:

>I'm hoping someone can shed some light on a particular behavior I'm
>experiencing with BASIC authentication and session cookies:
>
>I've set up my servlet to use BASIC authentication and I'm using my own very
>simple realm implementation:
>
>    protected String getPassword(String username) { return "tomcat"; }
>
>    protected Principal getPrincipal(String username) {
>        List roles = new ArrayList();
>        roles.add("test");
>        return new GenericPrincipal(this, "tomcat", "tomcat", roles);
>    }
>
>I have a Java client that connects to my servlet via a URL connection,
>identical to the code in org.apache.catalina.ant.AbstractCatalinaTask,
>passing in "tomcat" for user and password in the first request which works
>great! In subsequent requests I pass back the sessionID (in a cookie
>labeled "jsessionid"...) instead of the BASIC authentication, but my request
>fails ["This request requires HTTP authentication (Unauthorized)"] although
>my session ID is recognized by the servlet. I figured my initial
>authentication was cached so that I only needed to send the session ID and
>not pass the authentication string in the header each time - this seems to
>be the behavior of the Manager App when I dump its Request/Response headers.
>Any ideas how I can accomplish this from a Java client: only sending
>authentication once, then using the session ID cookie from then on? What's
>even stranger is that if I pass both the BASIC authentication header and my
>session ID every time it works great and my session is recognized, but my
>realm methods (see above) are never called, so the authentication must be
>stashed somewhere?
>
>Thanks for any help,
>-Mark