I am attempting to
get tomcat to challenge for a username/password pair when reading ANYTHING from
a given directory.
To test this, I
added a directory called 'secure' in the 'webapps/test'
I then modified
webapps/test/WEB-INF/web.xml to look like the following:
servlet stuff is here, but snipped for this email -->
I want nothing to be
available in the secure directory (and below) unless the user is authorised
(using the tomcat user found in conf/tomcat-users.xml).
I have read through
the servlet 2.2 spec umpteen times (found an inconsistency with the examples)
and tomcat seems to cheerfully ignore my settings.
What am i doing
FYI, the commented
out block was a frustrating attempt at getting form-based authentication - I
gave up and am now just trying to get basic authentication
Blackdown JDK 1.2.2
I am now going home to cry.