tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ed">
Subject Security settings seemingly ignored
Date Mon, 10 Jul 2000 17:56:02 GMT
I am attempting to get tomcat to challenge for a username/password pair when
reading ANYTHING from a given directory.

To test this, I added a directory called 'secure' in the 'webapps/test'

I then modified webapps/test/WEB-INF/web.xml to look like the following:

<!-- servlet stuff is here, but snipped for this email -->


            <web-resource-name>Test Secure Stuff</web-resource-name>

        <!-- <form-login-config>
            </form-login-config> -->

I want nothing to be available in the secure directory (and below) unless
the user is authorised (using the tomcat user found in
However, when I use the url the
flippin' page appears - no questions asked!!  uh?  was-goin-orf?

I have read through the servlet 2.2 spec umpteen times (found an
inconsistency with the examples) and tomcat seems to cheerfully ignore my

What am i doing wrong?

FYI, the commented out block was a frustrating attempt at getting form-based
authentication - I gave up and am now just trying to get basic
authentication going...

I am running:
RedHat Linux 6.2
Apache 1.3.12
Tomcat release 3.1
Blackdown JDK 1.2.2 RC4

I am now going home to cry.

View raw message