Re: Realm Tag in webappnamecontext.xml

Wed, 31 May 2006 06:57:46 -0700 

Ok, I have read both the Tomcat's Realm How-to and also the Servlet Specs.
I have the following application context and web.xml files.  When I go to
http://localhost:8080/mywebappcontext/index.jsp, then page pulls up and no
dialog box comes up asking the user for username/password.  I know I am
missing something.  I can only guess that the way I have it set up, that the
servlet container is validating against LDAP (anonymous access is turned
off) without any credentials being presented.

Are there any thoughts/leads?

Goal of security constraint:
More information on the LDAP setup in case that may be culprit.  We created
a new group called TestGroup that is in the structure defined by the URL.
We want to check the memberOf attribute of this group to see if the username
the is a member of that group.


mywebappcontext.xml:
<Context path="/mywebappcontext">
   <Realm  name="testRealm"
           className="org.apache.catalina.realm.JNDIRealm"

connectionURL="ldaps://ldapmachine1/CN=TestGroup,OU=Groups,DC=mycompany,DC=net"


alternateURL="ldaps://ldapmachine2/CN=TestGroup,OU=Groups,DC=mycompany,DC=net"
   />
</Context>

web.xml:
<web-app xmlns="http://java.sun.com/xml/ns/j2ee";
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
        xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd";
        version="2.4">

   <servlet>
       <servlet-name>Servlet</servlet-name>
       <servlet-class>com.mycompany.MyServlet</servlet-class>
       <load-on-startup>1</load-on-startup>
   </servlet>
   <servlet-mapping>
       <servlet-name>Turnover Servlet</servlet-name>
       <url-pattern>/servlet</url-pattern>
   </servlet-mapping>
   <session-config>
       <session-timeout>5</session-timeout>
   </session-config>
   <welcome-file-list>
       <welcome-file>
           index.jsp
       </welcome-file>
   </welcome-file-list>
   <security-constraint>
 <web-resource-collection>
  <web-resource-name>Restricted web resources (all)</web-resource-name>
  <url-pattern>/*</url-pattern>
 </web-resource-collection>
 <auth-contraint/>
   </security-constraint>

</web-app>



On 5/30/06, Mark Thomas <[EMAIL PROTECTED]> wrote:


Marc Farrow wrote:
> I have a context with the following Realm tag.  However, when I navigate
to
> the page, the page pulls up without any type of authentication.  What am
I
> missing?  I have read the "Realm Configuration HOW-TO" at apache.org.

How you read chapter SRV.12 of the servlet spec? Specifically, what
did you put in web.xml?

Mark

---------------------------------------------------------------------
To start a new topic, e-mail: [email protected]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
Marc Farrow

Reply via email to