And you restart Tomcat after changing tomcat-user.xml ?
> -----Original Message----- > From: Roland Carlsson [mailto:[EMAIL PROTECTED] > Sent: Friday, July 18, 2003 6:21 AM > To: Tomcat Users List > Subject: Re: MemoryRealm and tomcat-users.xml > > > Yes, i'm only testing with one file, the problem is that I > can't get tomcat to use the tomcat-users.xml so that I can > login with user test. > > Regards > Roland Carlsson > > ----- Original Message ----- > From: "Abid Ali Teepo" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Friday, July 18, 2003 1:13 PM > Subject: RE: MemoryRealm and tomcat-users.xml > > > It looks correct to me ... your url-pattern will only trigger > on that specific file... but i guess you know that .. > > Abid > > -----Original Message----- > From: Roland Carlsson [mailto:[EMAIL PROTECTED] > Sent: 18. juli 2003 13:06 > To: Tomcat Users List > Subject: Re: MemoryRealm and tomcat-users.xml > > > Heres my tomcat-users.xml > > <tomcat-users> > <role rolename="supervisor" /> > <role rolename="tomcat" /> > <role rolename="role1" /> > <role rolename="manager" /> > <user name="tomcat" password="tomcat" > roles="tomcat,supervisor" /> > <user name="role1" password="tomcat" roles="role1" > /> > <user name="both" password="tomcat" > roles="tomcat,role1" /> > <user name="test" password="test" > roles="supervisor,manager" /> </tomcat-users> > > > and a part of my web.xml > > <security-constraint> > <web-resource-collection> > <web-resource-name>Security test</web-resource-name> > <url-pattern>/afile.jsp</url-pattern> > <http-method>POST</http-method> > <http-method>GET</http-method> > > </web-resource-collection> > > <auth-constraint> > <role-name>supervisor</role-name> > </auth-constraint> > > <user-data-constraint> > <transport-guarantee>NONE</transport-guarantee> > </user-data-constraint> > </security-constraint> > > <login-config> > <auth-method>FORM</auth-method> > > <form-login-config> > <form-login-page>/login.html</form-login-page> > <form-error-page>/error.html</form-error-page> > </form-login-config> > > </login-config> > <security-role> > <role-name>supervisor</role-name> > </security-role> > > Regards > Roland > > ----- Original Message ----- > From: "Abid Ali Teepo" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Friday, July 18, 2003 12:59 PM > Subject: RE: MemoryRealm and tomcat-users.xml > > > Hi > > Don't you have to add the roles in your web.xml under the > tag security-constraint. And there has to be matching roles > in auth-constraint and security-role.... if you haven't done > this...it could be the problem ... > > Abid > > -----Original Message----- > From: Roland Carlsson [mailto:[EMAIL PROTECTED] > Sent: 18. juli 2003 12:52 > To: Tomcat Users List > Subject: MemoryRealm and tomcat-users.xml > > > Hi! > > I have created a simple form-based authentication. > > It works well with the predefined users (tomcat, role1) but > it doesn't work at all if I try to add users and roles in the > /%tomcat-root%/conf/tomcat-users.xml. > > My server.xml is not changed from install so it defines a > realm in the Engine-element that according to the comments > should be used for all webapps in the server. > > What have I missed? > > Thanks in advance > Roland Carlsson > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]