tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hans Bergsten <h...@gefionsoftware.com>
Subject Re: security-constraint
Date Sat, 02 Sep 2000 21:31:00 GMT
Jon Stevens wrote:
> 
> hey all,
> 
> Using latest tomcat in CVS.
> 
> I'm trying to setup BASIC auth security for a webapp context and it isn't
> working at all.
> 
> I have a webapp/PROJECT/templates directory that I would like a BASIC auth
> popup to appear on. I don't even care if there is no username/password right
> now. I just want the popup to happen.
> 
> Here is what I have in my webapp/PROJECT/WEB-INF/web.xml:
> 
> <webapp>
>     <servlet>
>         ...
>     </servlet>
>     <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>templates</web-resource-name>
>             <url-pattern>/templates/*</url-pattern>
>             <user-data-constraint>
>                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>             </user-data-constraint>
>         </web-resource-collection>
>         <login-config>
>             <auth-method>BASIC</auth-method>
>             <realm-name>Don't go there</realm-name>
>         </login-config>
>     </security-constraint>
> </webapp>
> 
> The above doesn't work at all.
> 
> Any suggestions?

You don't specify who has access. Try adding an <auth-constraint>
element as well. Also, I'm not sure <transport-guarantee> is
implemented. What you specify here is that the resources must only
be made available if an HTTPS connection is used. Was that the
intention?

Hans
-- 
Hans Bergsten		hans@gefionsoftware.com
Gefion Software		http://www.gefionsoftware.com

Mime
View raw message