tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ed Thompson" <ethomps...@carolina.rr.com>
Subject security_constraint question
Date Sat, 22 Jun 2002 19:41:55 GMT
OK, rookie question....

I have a file in $TOMCAT_HOME/webapps/comics  (index.html)

$TOMCAT_HOME/webapps/comics/WEB-INF/web.xml has:

    <security-constraint>
      <web-resource-collection>
         <web-resource-name>Protected Area</web-resource-name>
     <!-- Define the context-relative URL(s) to be protected -->
         <url-pattern>/comics</url-pattern>
         <url-pattern>/comics/*</url-pattern>
     <!-- If you list http methods, only those methods are protected -->
     <http-method>DELETE</http-method>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
     <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area -->
         <role-name>comics</role-name>
      </auth-constraint>
    </security-constraint>

I have is set up for BASIC as my auth-method.  Pretty much cut and paste
form the examples directory.

However, on my browser when I go to //thompson3:8080/comics, it takes me
right to index.html.
Why does it not require me to login first?  What have a missed in the Tomcat
configuration?

Help greatly appreciate - been struggling with this for a couple of days...

(PS - the examples works great - going to
//thompson3:8080/examples/jsp/security/protected forces a login)





--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message