tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From EChar...@claritas.com
Subject Re: HTTP BASIC Authentication
Date Wed, 03 May 2000 23:34:09 GMT

I posted the same problem a few days ago. Has anybody found a solution? ? ?


                                                                                         
                                              
                    John Tangney                                                         
                                              
                    <jtangney@knowledgep        To:     "tomcat-user@jakarta.apache.org"
<tomcat-user@jakarta.apache.org>               
                    lanet.com>                  cc:                                   
                                                 
                                                Subject:     HTTP BASIC Authentication   
                                              
                    05/03/00 04:00 PM                                                    
                                              
                    Please respond to                                                    
                                              
                    tomcat-user                                                          
                                              
                                                                                         
                                              
                                                                                         
                                              



Hi

The README says
> 5.2 Container Managed Security
>
> Tomcat 3.1 has an experimental implementation of container managed
security,
> as described in the Servlet API Specification, version 2.2, section 11.
> Please
> note the following information about this implementation:
>
> - BASIC authentication appears to work correctly, but has not been
> extensively tested.  Please report any bugs you encounter here
> at <http://jakarta.apache.org/bugs>.  The example application has
> a protected area defined at the following URL:
>
> http://localhost:8080/examples/jsp/security/protected
>
> which can be accessed by any user defined in the configuration file
> $TOMCAT_HOME/conf/tomcat-users.xml that has been granted the
> appropriate roles.

When I go to that url, my client makes me log in, so I use user='tomcat',
p/w='tomcat' as seen in the tomcat-users.xml file. So far so good.

But then I see a directory listing - apparently the contents of the
/examples directory. I was expecting to see
/examples/jsp/security/protected/index.jsp, which has something quite
different.

I see the same directory listing whether my client browser is running on
the
same host as the server or different machines. This is an 'out the box'
install of tomcat on solaris using jdk1.2.2.

What's going on here? Is there some secret redirection going on? Am I just
misunderstanding what the http BASIC authentication is doing? Or is this a
bug?

Help!
--johnt




--------------------------------------------------------------------------
To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org
For additional commmands, email: tomcat-user-help@jakarta.apache.org






Mime
View raw message