tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Basham <Bryan.Bas...@central.sun.com>
Subject WAR security question
Date Thu, 28 Sep 2000 16:41:51 GMT
Here's my question in a nutshell:
When using HTTP-based authentication how does the developer
(or WAR deployer) configure the password of a given "security role"?

Details:
I am trying to test the HTTP authentication mechanisms.  I have a sample
Web application that has a simple servlet and I have created a security
role in the web.xml file:

    <secturity-role>
      <role-name>USER</role-name>
    </secturity-role>

I then added a security constraint:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>ProtectedResource</web-resource-name>
	<url-pattern>/message</url-pattern>
	<http-method>GET</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>USER</role-name>
      </auth-constraint>
    </security-constraint>

When I deploy this WAR and access this servlet, my browser prompts me
for a login/password.  I give the USER login, but I don't know what
password it will accept.  Shouldn't there be a field in the WAR Dep. Desc.
that specifies the password?

Thanks for your help,
Bryan


+---------------------------------------+--------------------------------------+
| Bryan Basham                          | "You are not an isolated entity, but
| Java Courseware Developer             |  a unique, irreplaceable part of the
| Sun Educational Services              |  cosmos.  Don't forget this.  You are
|   Phone: 1-303-272-8766  (x78766)     |  an essential piece of the puzzle of
|  E-mail: Bryan.Basham@Sun.COM         |  humanity."
| Address: 500 Eldorado Blvd            |
|          MailStop: UBRM05-135         |  -- The Art of Living, Epictetus
|          Broomfield, CO 80021         |     (trans. Sharon Lebell)
+---------------------------------------+--------------------------------------+


Mime
View raw message