tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ramkumar Krishnan" <ramkum...@tarangtech.com>
Subject Re: Tomcat 3.2.1: Basic authentication and Win 2000
Date Tue, 18 Feb 2003 10:01:08 GMT
Hi Thomas,
                    I am also having a similiar problem in our system. I am
using HTTPClient jar as http client.Our product is running on tomcat
3.2.3+Apache1.3. (Windows NT)

1)Pls look at the following code.

                        HTTPConnection httpcon = new HTTPConnection(url);

httpcon.addBasicAuthorization("es","username","password");

even though the above code exists for Basic Authorization, it is still
popping up
java dialog box asking username and passoword.

Why the console popping up?..

2)    here i set userinteraction to false and commented the authorization
code, now it is not popping up the java console.But the system running
properly and gets the required data without asking username and password.

                   HTTPConnection httpcon = new HTTPConnection(url);
                   httpcon.setAllowUserInteraction(false);

//httpcon.addBasicAuthorization("es","username","password");

How is it possible?..Is there security hole with the site?...

NOTE:
         I should enter username and password when i tried to access the
site thro browser.Otherwise it is throwing error.


Any help would be appreciated...

thanks,
Ramkumar

----- Original Message -----
From: "Thomas Muller" <ttm@online.no>
To: <tomcat-user@jakarta.apache.org>
Sent: Monday, February 17, 2003 3:50 PM
Subject: Tomcat 3.2.1: Basic authentication and Win 2000


> Hi,
>
> When I try to apply basic authentication to an area, Win 2000 pops up with
a
> login dialog that requires windows credentials (or something). It seems
like
> Windows refuses do allow Tomcat to do authentication alone. Without any
> knowledge of Tomcat internals, I guess it's the AccessInterceptor that
> controls the behaviour (or at least tries to):
>
> <RequestInterceptor
className="org.apache.tomcat.request.AccessInterceptor"
> />
>
> I've tried to define the windows login credentials in tomcat-users.xml,
> allow the actual Tomcat service to run as that user etc etc. Nothing
helps.
> Can't log in.
>
> <security-constraint>
>
> <web-resource-collection>
> <web-resource-name>Protected Area</web-resource-name>
> <url-pattern>/server/*</url-pattern>
>   </web-resource-collection>
>
>   <auth-constraint>
>         <role-name>mbxadmin</role-name>
> </auth-constraint>
>
> </security-constraint>
>
>     <!-- Default login configuration uses BASIC authentication
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>Basic Authentication Area</realm-name>
> </login-config>
>
> How can I instruct win 2000 (or Tomcat) to override the OS specific
> behaviour?
>
> Any input on this would be much appreciated.
>
> --
>
> Thomas
>
>
>
>
>
>
> *************************************************************************
> Copyright ERA Technology Ltd. 2002. (www.era.co.uk). All rights reserved.
> The information supplied in this Commercial Communication should be
treated
> in confidence.
> No liability whatsoever is accepted for any loss or damage
> suffered as a result of accessing this message or any attachments.
>
> ________________________________________________________________________
> This email has been scanned for all viruses by the MessageLabs SkyScan
> service. For more information on a proactive anti-virus service working
> around the clock, around the globe, visit http://www.messagelabs.com
> ________________________________________________________________________
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message