Hello ! First of all : maybe you should consider giving exception traces in english ! Because you know, I doubt that a lot of people here can speak Italian. Yes, I know : your Tomcat and your JBuilder are in italian...
If i compile the web application into a .war and deploy on a standalone
tomcat, it just works, it asks me for user and pass of xx rule and let me access it. If i run from JBuilder i get error: org.apache.catalina.realm.JAASRealm authenticate GRAVE: Unexpected error java.lang.SecurityException: Impossibile trovare una configurazione di login
It looks that Tomcat is unable to find its configuration file. And I'm not surprised since the official doc ( http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howto.html) says that you must tweak your server.xml too. But maybe is it a JBuilder conf file ? I don't know, I'm using Eclipse. If i remove from web.xml the following part:
<security-constraint> <display-name>Security Constraint</display-name> <web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>xx</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>Protected Area</realm-name> </login-config> <security-role> <role-name>xx</role-name> </security-role> then JBuilder will not throw the error. Probably it ignores the tomcat-users.xml file in /conf/ dir?
No but since you are removing the security constraint it doesn't apply any more ! :-) This line : <url-pattern>/*</url-pattern> means that you must be logged in in order to access any ( /* ) page of your webapp. Remove this and, in the opposite, you can freely browse through the app. The strange thing is that if i remove auth part from web.xml, on JBuilder,
when i run it, the user/pass form still shows, but i just ignore it or click cancel, and if i point with web browser to localhost:8080/xx i can access succesfully.
See above. IMHO, the form still shows because it is the first page of your app. Which is a requirement of Tomcat, AFAIK. I think i gave u all the information needed to find the problem. Hope u can
get a solution for it, i can't figure how to solve from months :( Every time i have to add/remove the auth part from web.xml either i'm debugging or deploying: quite frustrating. Thanks in advance.
HTH, Pierre Goupil -- A celle qui se souvient de chaque parole prononcée, Du premier cri du bébé au serment du héros. Tu es mon témoin éternel.