tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <>
Subject RE: How do I stop security checks for all files?
Date Thu, 04 Sep 2003 19:00:31 GMT

What does your web.xml look like, specifically the security-constraint

Yoav Shapira
Millennium ChemInformatics

>-----Original Message-----
>From: Jim Lynch []
>Sent: Thursday, September 04, 2003 1:10 PM
>To: tomcat
>Subject: How do I stop security checks for all files?
>I'm using the basic authentication scheme, 'cause I couldn't ever make
>the user type work.  My pages just sat there and looped.  But I'm
>running into a performance problem.  I have dozens of .gif files and
>other things that get loaded with my page and it looks like it is
>authenticating each of them and taking a bunch of time doing it.  THis
>is from one of the log files.  I don't have the option of cutting down
>the number of crappy files (gifs etc.) I have to load. 8(
>This block is repeated dozens of times.  Is there any way I can avoid
>all this checking for inconsequental files?
>2003-09-04 09:52:15 Authenticator[/resources]: Security checking
>POST /resources/inputhours
>2003-09-04 09:52:15 Authenticator[/resources]: We have cached auth type
>BASIC for principal GenericPrincipal[jwl]
>2003-09-04 09:52:15 Authenticator[/resources]:   Checking constraint
>'SecurityConstraint[resources]' against POST /inputhours --> true
>2003-09-04 09:52:15 Authenticator[/resources]:  Subject to constraint
>2003-09-04 09:52:15 Authenticator[/resources]:  Calling checkUserData()
>2003-09-04 09:52:15 Authenticator[/resources]:   User data constraint
>has no restrictions
>2003-09-04 09:52:15 Authenticator[/resources]:  Calling authenticate()
>2003-09-04 09:52:15 Authenticator[/resources]: Already authenticated
>2003-09-04 09:52:15 Authenticator[/resources]:  Calling accessControl()
>2003-09-04 09:52:15 JDBCRealm[/resources]: Username jwl does NOT have
>role user
>2003-09-04 09:52:15 JDBCRealm[/resources]: Username jwl does NOT have
>role NAFO
>2003-09-04 09:52:15 JDBCRealm[/resources]: Username jwl does NOT have
>role ICON
>2003-09-04 09:52:15 JDBCRealm[/resources]: Username jwl does NOT have
>role EMEA
>2003-09-04 09:52:15 JDBCRealm[/resources]: Username jwl has role admin
>2003-09-04 09:52:15 Authenticator[/resources]:  Successfully passed all
>security constraints
>2003-09-04 09:52:15 StandardContext[/resources]: Mapping
>contextPath='/resources' with requestURI='/resources/inputhours' and
>To unsubscribe, e-mail:
>For additional commands, e-mail:

This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.

View raw message