I am prevented from accessing the application if I use admin and tomcat user
accounts.  I receive an HTTP-403 error.  But, when I attempt to access the
application with the fictitious 'bob' user account, the standard login
dialog is presented to me over and over.  Any ideas???

On Fri, Oct 22, 2010 at 9:36 AM, Keith Masten <spmdt...@gmail.com> wrote:

> Configured the web.xml for BASIC authentication.
>
>
> <?xml version="1.0" encoding="ISO-8859-1"?>
> <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
> http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
> version="2.4">
>   <display-name>Vision Application Logs</display-name>
> <!-- Define a Security Constraint on this Application -->
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>applogs</web-resource-name>
>     <url-pattern>/*</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>vsndev-offshore</role-name>
>
>   </auth-constraint>
> </security-constraint>
> <!-- Define the Login Configuration for this Application -->
> <login-config>
>   <auth-method>BASIC</auth-method>
>   <realm-name>myrealm</realm-name>
>
> </login-config>
> <!-- Security roles referenced by this Web application -->
> <security-role>
>   <role-name>vsndev-offshore</role-name>
> </security-role>
> </web-app>
>
> When prompted for username/password, I use what has been defined in the
> tomcat-users.xml file and that does not work.  It would appear that it is
> not even referencing the list.
>
>   <role rolename="vsndev-offshore"/>
>   <user username="bob" password="password" roles="vsndev-offshore"/>
>
>
>
> On Thu, Oct 21, 2010 at 3:23 PM, Caldarale, Charles R <
> chuck.caldar...@unisys.com> wrote:
>
>> > From: Keith Masten [mailto:spmdt...@gmail.com]
>> > Subject: Re: Securing A Directory Listing
>>
>> > The realm definition for this tomcat instance is in
>> > the server.xml.
>>
>> That partially answers the question.  As the doc says: "You may nest a
>> Realm inside any Catalina container Engine, Host, or Context."  Where's
>> yours?
>>
>> > Should the realm defined in the web.xml be
>> > defined/referenced somewhere?
>>
>> Probably not, as long as you're comfortable with using the same <Realm>
>> for all webapps that require authentication.
>>
>> > Just tried the basic setup again and no luck.
>>
>> What is meant by "no luck"?  I don't recall any Tomcat error message with
>> that phrasing...
>>
>> > When prompted, I should enter id - bob, pw - bob according
>> > to my tomcat-users.xml, correct???
>>
>> Correct, as long as the <auth-method> is BASIC.  Might want to post your
>> current WEB-INF/web.xml file.
>>
>>  - Chuck
>>
>
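
Added example, not part of any message in this thread: with BASIC authentication Tomcat answers 401 (the browser shows the login dialog again) when the realm rejects the credentials, and 403 when the user authenticates but holds none of the roles in the <auth-constraint>. The sketch below applies that rule to a web.xml constraint and a users file; both inputs and all passwords are constructed, and the users file is assumed to be one that lacks the 'bob' entry.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml fragment modelled on the one quoted in the thread.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>applogs</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>vsndev-offshore</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

# Constructed users file (assumption): what the realm would load if the
# edited tomcat-users.xml containing 'bob' is not the file it reads.
TOMCAT_USERS = """<tomcat-users>
  <role rolename="vsndev-offshore"/>
  <user username="admin" password="adminpw" roles="admin,manager"/>
  <user username="tomcat" password="tomcatpw" roles="tomcat"/>
</tomcat-users>"""

NS = {"j": "http://java.sun.com/xml/ns/j2ee"}

def required_roles(web_xml):
    """Roles named in any <auth-constraint> of the descriptor."""
    root = ET.fromstring(web_xml)
    return {r.text.strip() for r in root.findall(".//j:auth-constraint/j:role-name", NS)}

def load_users(users_xml):
    """Map username -> (password, set of roles) from a tomcat-users document."""
    users = {}
    for u in ET.fromstring(users_xml).findall("user"):
        roles = {r.strip() for r in u.get("roles", "").split(",") if r.strip()}
        users[u.get("username")] = (u.get("password"), roles)
    return users

def expected_status(user, password, users, needed):
    """HTTP status to expect for a request to the protected URL."""
    entry = users.get(user)
    if entry is None or entry[0] != password:
        return 401  # authentication failed: login dialog is shown again
    if entry[1] & needed:
        return 200  # authenticated and holds a required role
    return 403      # authenticated, but no role from the auth-constraint

if __name__ == "__main__":
    users, needed = load_users(TOMCAT_USERS), required_roles(WEB_XML)
    for name, pw in [("admin", "adminpw"), ("tomcat", "tomcatpw"), ("bob", "password")]:
        print(name, expected_status(name, pw, users, needed))
```

Run against the users file the realm really loads, a 401 for 'bob' means the entry is missing or the password differs there, while a 403 means the entry was found but lacks the vsndev-offshore role.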
