tomcat-users mailing list archives

Subject Re: HTTP BASIC Authentication
Date Wed, 03 May 2000 23:34:09 GMT

I posted the same problem a few days ago. Has anybody found a solution???

From:    John Tangney <jtangney@knowledgep>
Date:    05/03/00 04:00 PM
Subject: HTTP BASIC Authentication


The README says
> 5.2 Container Managed Security
> Tomcat 3.1 has an experimental implementation of container managed
> as described in the Servlet API Specification, version 2.2, section 11.
> Please note the following information about this implementation:
> - BASIC authentication appears to work correctly, but has not been
> extensively tested.  Please report any bugs you encounter here
> at <>.  The example application has
> a protected area defined at the following URL:
> http://localhost:8080/examples/jsp/security/protected
> which can be accessed by any user defined in the configuration file
> $TOMCAT_HOME/conf/tomcat-users.xml that has been granted the
> appropriate roles.

When I go to that URL, my client makes me log in, so I use user='tomcat',
p/w='tomcat' as seen in the tomcat-users.xml file. So far so good.

But then I see a directory listing - apparently the contents of the
/examples directory. I was expecting to see
/examples/jsp/security/protected/index.jsp, which has something quite

I see the same directory listing whether my client browser is running on
the same host as the server or on a different machine. This is an 'out the box'
install of Tomcat on Solaris using jdk1.2.2.

What's going on here? Is there some secret redirection going on? Am I just
misunderstanding what the http BASIC authentication is doing? Or is this a

