tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Willie Wheeler" <wwhee...@andrew.cmu.edu>
Subject Authentication
Date Wed, 23 Feb 2000 20:10:16 GMT
I have been trying to use declarative security from a web app that I am
writing, but to no avail.  Specifically I would like to use the deployment
descriptor to force a login when an unauthenticated user tries to access
various resources.  So far I cannot figure out how to detect when an
unauthenticated user is trying to access a resource.  I am using Tomcat 3.0.
Has this yet been implemented?  Are form-based login, basic login, etc.
implemented?

Here is part of my deployment descriptor:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SignIn</web-resource-name>
      <url-pattern>/control/signin</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>customer</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/control/login.jsp</form-login-page>
      <form-error-page>/control/errorpage.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <role-name>customer</role-name>
  </security-role>

    Thanks,
    Willie Wheeler
    wwheeler@andrew.cmu.edu



Mime
View raw message