In the default tomcat setup (I'm assuming you're using 4.0.3) the memory realm is declared in server.xml. This reads users, passwords and roles from tomcat-users.xml also in the conf directory.
Best Wishes John Burgess [EMAIL PROTECTED] Tel: 01865 718666 Fax: 01865 718600 -----Original Message----- From: Urtzi Larrazabal [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 06, 2002 2:12 PM To: 'Tomcat Users List' Subject: RE: Restricting Access to Web Resources ohh!! you are right ! But now, when I try to access to my aplication I am prompted for a user and a password,and if I introduce tomcat user and tomcat password I can't access. Where must be defined the users with access permisions, I mean where must I especify the <role-name>tomcat</role-name> ?? In the directory /conf/users there are some files:admin-users.xml example-users.xml global-users.xml tomcat-users.xml thanks a lot ! -----Original Message----- From: John Burgess [mailto:[EMAIL PROTECTED]] Sent: jueves 6 de junio de 2002 14:54 To: Tomcat Users List Subject: RE: Restricting Access to Web Resources I believe the URL you want is /* i.e. the /MyApp is assumed since you are defining the constraint in the MyApp context Best Wishes John Burgess [EMAIL PROTECTED] Tel: 01865 718666 Fax: 01865 718600 -----Original Message----- From: Urtzi Larrazabal [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 06, 2002 10:01 AM To: 'Tomcat Users List' Subject: Restricting Access to Web Resources Hi friends, I am trying to protect my application with an authentification but I don't know why my security constraint is ignored. When I access to the application I'm not prompted for a user and a password. Does anyone know what am I doing wrong? #cd webapps/Myaplicaion/WEB-INF #more web.xml <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd"> <web-app> <security-constraint> <web-resource-collection> <web-resource-name> Restricted Area </web-resource-name> <url-pattern>/Myaplication/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>tomcat</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>My Secure Test Area</realm-name> </login-config> </web-app> regards, Urtzi Larrazabal -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.365 / Virus Database: 202 - Release Date: 24/05/02 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.365 / Virus Database: 202 - Release Date: 24/05/02 -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.365 / Virus Database: 202 - Release Date: 24/05/02 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.365 / Virus Database: 202 - Release Date: 24/05/02 -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>