tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nacho <na...@siapi.es>
Subject RE: HTTP BASIC Authentication
Date Fri, 05 May 2000 10:07:10 GMT
I posted a bug in the last days, but they preferred to do a new design
of security and wont patch a experimental feature, this not help but
clarifies..

Saludos ,
Ignacio J. Ortega


> -----Mensaje original-----
> De: ECharvel@claritas.com [mailto:ECharvel@claritas.com]
> Enviado el: jueves 4 de mayo de 2000 1:34
> Para: tomcat-user@jakarta.apache.org
> Asunto: Re: HTTP BASIC Authentication
> 
> 
> 
> I posted the same problem a few days ago. Has anybody found a 
> solution? ? ?
> 
> 
>                                                               
>                                                               
>             
>                     John Tangney                              
>                                                               
>             
>                     <jtangney@knowledgep        To:     
> "tomcat-user@jakarta.apache.org" 
> <tomcat-user@jakarta.apache.org>               
>                     lanet.com>                  cc:           
>                                                               
>             
>                                                 Subject:     
> HTTP BASIC Authentication                                     
>              
>                     05/03/00 04:00 PM                         
>                                                               
>             
>                     Please respond to                         
>                                                               
>             
>                     tomcat-user                               
>                                                               
>             
>                                                               
>                                                               
>             
>                                                               
>                                                               
>             
> 
> 
> 
> Hi
> 
> The README says
> > 5.2 Container Managed Security
> >
> > Tomcat 3.1 has an experimental implementation of container managed
> security,
> > as described in the Servlet API Specification, version 2.2, 
> section 11.
> > Please
> > note the following information about this implementation:
> >
> > - BASIC authentication appears to work correctly, but has not been
> > extensively tested.  Please report any bugs you encounter here
> > at <http://jakarta.apache.org/bugs>.  The example application has
> > a protected area defined at the following URL:
> >
> > http://localhost:8080/examples/jsp/security/protected
> >
> > which can be accessed by any user defined in the configuration file
> > $TOMCAT_HOME/conf/tomcat-users.xml that has been granted the
> > appropriate roles.
> 
> When I go to that url, my client makes me log in, so I use 
> user='tomcat',
> p/w='tomcat' as seen in the tomcat-users.xml file. So far so good.
> 
> But then I see a directory listing - apparently the contents of the
> /examples directory. I was expecting to see
> /examples/jsp/security/protected/index.jsp, which has something quite
> different.
> 
> I see the same directory listing whether my client browser is 
> running on
> the
> same host as the server or different machines. This is an 
> 'out the box'
> install of tomcat on solaris using jdk1.2.2.
> 
> What's going on here? Is there some secret redirection going 
> on? Am I just
> misunderstanding what the http BASIC authentication is doing? 
> Or is this a
> bug?
> 
> Help!
> --johnt
> 
> 
> 
> 
> --------------------------------------------------------------
> ------------
> To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commmands, email: tomcat-user-help@jakarta.apache.org
> 
> 
> 
> 
> 
> 
> --------------------------------------------------------------
> ------------
> To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commmands, email: tomcat-user-help@jakarta.apache.org
> 

Mime
View raw message