tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <Craig.McClana...@eng.sun.com>
Subject Re: BASIC Authentication
Date Fri, 06 Oct 2000 19:40:20 GMT
Micky Mimo wrote:

> What is not working is that no authentication page is coming up prompting me
> for a login and password. The context-relative path is
> http://localhost:8080/secure/index.html . This path does not pop up an
> authentication dialog. The logical path is /usr/local/tomcat/webapps/secure
>

And here is where your problem is.  The security constraint you originally
posted will work if you put it in the root context's web.xml, and there is no
"/secure" webapp.

>
> I put the web.xml in /usr/local/tomcat/webapps/secure/WEB-INF/web.xml
>

In other words, your *context path* is "/secure", right?  If you want to protect
everything in this web app, use a context-relative URL pattern like this:

    <url-pattern>/*</url-pattern>

Remember, the "context relative" part that you put into the url pattern starts
*after* the context path.

>
> I want the index.html in /usr/local/tomcat/webapps/secure to prompt the user
> for a login dialog box.
>
> Eventually I will want this to function outside of the tomcat directory.
> Such as /home/me/secure
>

You would do this by configuring a <Context> entry in the server.xml file,
something like this:

    <Context path="/secure"
        docBase="/home/me/secure"
        debug="0"
        reloadable="true"
        trusted="false"/>

and the URL pattern would still remain "/*" to protect all of this webapp.

>
> /===============================\
> | Micky Mimo                    |

Craig McClanahan

====================
See you at ApacheCon Europe <http://www.apachecon.com>!
Session VS01 (23-Oct 13h00-17h00):  Sun Technical Briefing
Session T06  (24-Oct 14h00-15h00):  Migrating Apache JServ
                                    Applications to Tomcat



Mime
View raw message