Return-Path: Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 63777 invoked from network); 24 Mar 2000 07:59:32 -0000 Received: from neptun.sns-felb.debis.de (53.122.101.2) by locus.apache.org with SMTP; 24 Mar 2000 07:59:32 -0000 Received: by neptun.sns-felb.debis.de; id JAA19329; Fri, 24 Mar 2000 09:01:24 +0100 Received: from unknown(53.113.82.10) by neptun.sns-felb.debis.de via smap (V5.0) id xma019315; Fri, 24 Mar 00 09:01:21 +0100 Received: from ULNT02.ul2.dsh.de (localhost [127.0.0.1]) by dshmail1.dsh.de (8.8.7/8.8.7) with ESMTP id IAA12801 for ; Fri, 24 Mar 2000 08:58:15 +0100 (MET) Received: by ulnt02.ul2.dsh.de with Internet Mail Service (5.5.2650.21) id ; Fri, 24 Mar 2000 09:00:57 +0100 Message-ID: From: "Amrhein, Thomas" To: tomcat-user@jakarta.apache.org Subject: AW: User Authorization Date: Fri, 24 Mar 2000 09:00:56 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N I want to test user authentication, but I don't know yet what the Servlet API Specification exactly says. I can define users in conf/tomcat-users.xml. How and where are roles defined?=20 How are roles assigned to JSPs, servlets or servlet contexts? Does anybody know? Where can I find the Servlet API Specification? thanks Thomas -----Urspr=FCngliche Nachricht----- Von: Craig R. McClanahan [mailto:Craig.McClanahan@eng.sun.com] Gesendet am: Freitag, 24. M=E4rz 2000 03:54 An: tomcat-user@jakarta.apache.org Betreff: Re: User Authorization John Coonrod wrote: > This is another question that a lot of people have asked in the past = week > and I don't feel has been answered... > > Does the tomcat webserver support user login and - if so - how = exactly do I > get it to work? I'm willing to live with the simplest possible login, = but I > want the server to require it, not each servlet or jsp. > Tomcat 3.0 does not support user authentication. Tomcat 3.1beta1 (well, at least the most recent nightly builds, but I'm pretty sure it was there in the beta) has *experimental* support for user authentication. What you do is set up users in the = "conf/tomcat-users.xml" file, and then define your security constraints in the web application deployment descriptor, as described in the Servlet API Specification. = This has not been extensively tested, and there's no further docs at this point. Experimentation and bug reports are welcome! Craig ------------------------------------------------------------------------= -- To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org For additional commmands, email: tomcat-user-help@jakarta.apache.org