tomcat-users mailing list archives

From Tim Funk <funk...@joedog.org>
Subject Re: Use of roles when tomcatAuthentication=false
Date Wed, 23 Jun 2004 00:53:06 GMT
None of the Realms will be useful when tomcatAuthentication="false". You'd 
need to roll your own.

-Tim

Ron Gomes wrote:
> We use Tomcat with a fronting Web server (Apache) which provides Basic
> authentication, so we need to run with 'tomcatAuthentication="false"'
> in the Ajp13Connector.  But we also want to make use of the servlet
> "roles" concept to protect applications (including the Manager app)
> from arbitrary access.
> 
> Is there any simple way to do this?  We've tried mapping user names to
> roles in the usual way in tomcat-users.xml, in the hope that Tomcat
> (with tomcatAuthentication set to false) would take the user name from
> the Apache-supplied basic-auth credentials, but use the roles from
> tomcat-users.xml.  But the behavior suggests that tomcat-users.xml is
> not consulted at all in this situation.
> 
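
One way to "roll your own", as an added example that is not part of the original thread and is not Tomcat code: a servlet filter that takes the user name forwarded by the front-end server and maps it to roles inside the application. The class name, the `requiredRole` init parameter and the user-to-role table are hypothetical.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: application-level role mapping for front-end-authenticated users.
public class RemoteUserRoleFilter implements Filter {
    // Constructed sample mapping; a real deployment would load this from its own store.
    private final Map<String, Set<String>> rolesByUser = new HashMap<>();
    private String requiredRole; // hypothetical init-param "requiredRole" from web.xml

    public void init(FilterConfig cfg) {
        requiredRole = cfg.getInitParameter("requiredRole");
        rolesByUser.put("alice", new HashSet<>(Arrays.asList("manager")));
        rolesByUser.put("bob", new HashSet<>(Arrays.asList("user")));
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // User name as forwarded by the front-end server over AJP.
        String user = req.getRemoteUser();
        final Set<String> roles = (user == null)
                ? Collections.<String>emptySet()
                : rolesByUser.getOrDefault(user, Collections.<String>emptySet());
        // Fail closed: no configured role, no user, or an unmapped user is refused.
        if (requiredRole == null || !roles.contains(requiredRole)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Expose the mapped roles to downstream servlets via isUserInRole().
        chain.doFilter(new HttpServletRequestWrapper(req) {
            @Override
            public boolean isUserInRole(String role) {
                return roles.contains(role);
            }
        }, res);
    }

    public void destroy() { }
}
```

A filter runs after the container's own declarative checks, so it replaces rather than feeds `<security-constraint>` role checks in web.xml. The forwarded user name is only as trustworthy as the AJP connection, so the AJP port should be reachable from the front-end server alone.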
