Return-Path: Delivered-To: apmail-jakarta-tomcat-user-archive@www.apache.org Received: (qmail 25439 invoked from network); 18 Sep 2005 16:50:34 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 18 Sep 2005 16:50:34 -0000 Received: (qmail 70898 invoked by uid 500); 18 Sep 2005 16:50:19 -0000 Delivered-To: apmail-jakarta-tomcat-user-archive@jakarta.apache.org Received: (qmail 70736 invoked by uid 500); 18 Sep 2005 16:50:18 -0000 Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Tomcat Users List" Reply-To: "Tomcat Users List" Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 70720 invoked by uid 99); 18 Sep 2005 16:50:18 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 18 Sep 2005 09:50:18 -0700 X-ASF-Spam-Status: No, hits=0.2 required=10.0 tests=NO_REAL_NAME,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: domain of paul@webotech.co.uk designates 66.197.185.165 as permitted sender) Received: from [66.197.185.165] (HELO ws5.spacesurfer.com) (66.197.185.165) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 18 Sep 2005 09:50:25 -0700 Received: by ws5.spacesurfer.com (Postfix, from userid 2021) id 905115C063; Sun, 18 Sep 2005 16:47:42 +0000 (GMT) References: <20050916160544.A77BC5C08C@ws5.spacesurfer.com> In-Reply-To: From: paul@webotech.co.uk To: "Tomcat Users List" Subject: Re: password authentication causes 403 error Date: Sun, 18 Sep 2005 17:47:42 +0100 Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 7bit Message-Id: <20050918164742.905115C063@ws5.spacesurfer.com> X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Thanks Bill - that did it! Bill Barker writes: > > wrote in message > news:20050916160544.A77BC5C08C@ws5.spacesurfer.com... >> Hi there, >> I would like to set up my development tomcat-5.0.28 (on port 8080) so that >> all webapps that are not password protected, to have password >> authentification. Since it is my dev box I would like to use the memory >> realm. >> I have this in my web.xml: >> >> >> /* >> GET >> POST >> >> > > It's: > > admin > > > What you have (other than being invalid, if validation-checking was enabled > :), tells Tomcat to forbid access to everyone. > >> >> NONE >> >> >> >> BASIC >> >> >> I have this in my tomcat-users.xml: >> >> >> >> >> >> > roles="admin,manager,role1"/> >> >> If I go to http://localhost:8080/manager it asks me to login and then >> gives me access to the webapp as expected. If I go to >> http://localhost:8080/ it asks me to login and if I get it wrong is gives >> me a 401 error as expected but if I get it right it gives me a 403 error >> instead of allowing access to the webapp. This happens with all webapps >> that do not have their own authentication. >> How do I configure tomcat to give me access to my webapps when I login >> correctly? >> Thanks, >> Paul >> -- >> Paul Mackinlay (PhD, MEng) >> http://www.webotech.co.uk/ >> paul@webotech.co.uk >> Tel: +44(0)7050 699971 >> Fax: +44(0)7050 699972 > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org > -- Paul Mackinlay (PhD, MEng) http://www.webotech.co.uk/ paul@webotech.co.uk Tel: +44(0)7050 699971 Fax: +44(0)7050 699972 --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-user-help@jakarta.apache.org