Hi, I'd like to apply a security constraint for a webapp through an LDAP server. But I don't want to take into account any roles associated with a user.
Here is a part of my web.xml:

### web.xml : BEGIN ###
<!-- Security constraints -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>MyApp</web-resource-name>
    <description>Authenticated users (LDAP)</description>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>MyApp Protected Area</realm-name>
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/autherr.html</form-error-page>
  </form-login-config>
</login-config>
### web.xml : END ###

As you can see, there's no role specified in the <auth-constraint> tag, and there's no <security-role> declared, as I precisely don't want to check roles to access my webapp.

Here's a part of my context.xml:

### context.xml : BEGIN ###
<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionName="xxx"
       connectionPassword="xxx"
       connectionURL="ldap://company.com:389"
       userBase="ou=people,dc=company,dc=com"
       userSearch="(uid={0})" />
### context.xml : END ###

Here's the login.html file:

### login.html : BEGIN ###
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
  <title>Login Page</title>
</head>
<body>
  <h1>Login to My Web Application</h1>
  <p>
    If you have been issued a username and password, key them in here now!
  </p>
  <form method="POST" action="j_security_check">
    Username : <input type="text" size="15" maxlength="25" name="j_username"><br><br>
    Password : <input type="password" size="15" maxlength="25" name="j_password"><br><br>
    <input value="Login" type="submit">
    <input value="Clear" type="reset">
  </form>
</body>
</html>
### login.html : END ###

As you can see, I've put the "j_security_check" action, and the j_username & j_password variables.
The user/password test is correctly checked, and passed, but there's something wrong because the role doesn't match or something, but I don't want and I don't need to check roles. How can I achieve it?

Here's an extract of my log file, which shows that the authentication succeeds:

### log : BEGIN ###
DEBUG http-8080-Processor23 org.apache.catalina.authenticator.FormAuthenticator - Authenticating username 'toto'
DEBUG http-8080-Processor23 org.apache.catalina.authenticator.FormAuthenticator - Authentication of 'toto' was successful
### log : END ###

Thanks in advance,
piloupy
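
Added example, not part of the original post and not Tomcat code: under the Servlet specification an <auth-constraint> that names no role admits nobody, even after a successful login, while omitting the element leaves the URLs public and the role name * stands for every role declared in <security-role>. The Python sketch below classifies each constraint in a descriptor that way; the sample WEB_XML and the helper names (kids, texts, audit) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's constraint first, then two contrasting ones.
WEB_XML = """<web-app>
 <security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <auth-constraint>
  </auth-constraint>
 </security-constraint>
 <security-constraint>
  <web-resource-collection><url-pattern>/css/*</url-pattern></web-resource-collection>
 </security-constraint>
 <security-constraint>
  <web-resource-collection><url-pattern>/members/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>*</role-name></auth-constraint>
 </security-constraint>
 <security-role><role-name>user</role-name></security-role>
</web-app>"""

def kids(parent, name):
    # Match on the local name so namespaced descriptors work too.
    return [c for c in parent if c.tag.rsplit("}", 1)[-1] == name]

def texts(parent, name):
    return [(c.text or "").strip() for c in kids(parent, name)]

def audit(web_xml):
    """Return (url_patterns, verdict) for each <security-constraint>."""
    root = ET.fromstring(web_xml)
    declared = [r for sr in kids(root, "security-role") for r in texts(sr, "role-name")]
    findings = []
    for sc in kids(root, "security-constraint"):
        patterns = [p for wrc in kids(sc, "web-resource-collection")
                    for p in texts(wrc, "url-pattern")]
        auth = kids(sc, "auth-constraint")
        roles = texts(auth[0], "role-name") if auth else []
        if not auth:
            verdict = "public: no auth-constraint, no login required"
        elif not roles:
            verdict = "deny-all: empty auth-constraint, nobody is admitted"
        elif "*" in roles:
            verdict = "any declared role: " + (", ".join(declared) or "none declared")
        else:
            verdict = "roles: " + ", ".join(roles)
        findings.append((patterns, verdict))
    return findings

if __name__ == "__main__":
    for patterns, verdict in audit(WEB_XML):
        print(patterns, "->", verdict)
```

Run against the descriptor in the post, the first verdict is the relevant one: the login succeeds, then the empty constraint rejects the request.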