It seems that to get good authentication whilst tying one role to
one web app (so only one designated user can use a given designated
webapp), I must assign two roles to the designated user: an arbitary
role, and a role of "deployer", and omit or comment out the role of
"deployer" in web.xml:
<auth-constraint>
<role-name>
dentalExpert0
</role-name>
<!-- role-name>
deployer
</role-name -->
</auth-constraint>
In this case, the user "Dr. Alan H" is assigned to be a deployer.
Authentication does not work well without this. I tried creating a
dummy deployer, paired with dentalExpert0, but that did not work (it's
commented out below). At least now, however, I can get good 1-1
authentication. I am running across two browser frames, and because
document.domain assignments do not seem to mollify the furiously buggy
Tomcat, I have had to submit to requiring the user to log-in twice, once
for each frame. That is, until I change web servers. Anyone have any
idea of how to explain TC 3.3.1's curious behavior?
<tomcat-users>
<user name="root" password="xxxxx"
roles="tomcat,role1,tomcat_admin,tomcat_root" />
<user name="guest" password="xxxxx" roles="demo_user" />
<user name="Chris" password="xxxx" roles="deployer" />
<!-- user name="Chris0" password="xxxx" roles="deployer0" / -->
<user name="Dr. Alan H" password="xxxxx" roles="dentalExpert0,deployer" />
</tomcat-users>
--
". . . / This Cabinet is formd of Gold / And Pearl & Crystal shining bright
And within it opens into a World / . . .
Another England there I saw / Another London with its Tower
Another Thames & other Hills / And another pleasant Surrey Bower
. . ."
- from "The Crystal Cabinet", a poem by William Blake.
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
