tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jon Skeet" <jon.sk...@peramon.com>
Subject Is tomcat-users.xml still used under Tomcat 3.2?
Date Wed, 11 Oct 2000 10:23:49 GMT
Under Tomcat 3.1 I certainly had *problems* with security constraints,
but at least it knew who the users were. I now have the following
tomcat-users.xml file in my conf directory:

<tomcat-users>
  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="role1"  password="tomcat" roles="role1"  />
  <user name="both"   password="tomcat" roles="tomcat,role1" />
  <user name="admin" password="secret" roles="administrator" />
</tomcat-users>

(This is only for testing purposes, of course :)

In web.xml for a certain web-app I have:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Configuration</web-resource-name>
        <url-pattern>/infconfig/*</url-pattern>
        <url-pattern>/appconfig/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>administrator</role-name>
      </auth-constraint>
    </security-constraint>

Sure enough, trying to access infconfig/index.html pops up a dialog box
- but entering user "admin" and password "secret" doesn't get me any further,
when it used to on Tomcat 3.1. Any ideas what's changed?

Jon, knowing he'll get at least *one* reply to this ;)

Mime
View raw message