tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tom Cat" <tom.cat2...@gmail.com>
Subject Basic Authentication with Tomcat
Date Mon, 18 Aug 2008 19:56:37 GMT
Hello,

I am trying to setup basic http authentication with tomcat. I modified
my the web.xml file in the project's WEB-INF folder. Here is the
relevant portion:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID"
version="2.5">
<security-constraint>
	<web-resource-collection>
		<web-resource-name>
		Admin
		</web-resource-name>
		<url-pattern>/myAdmin/admin.html</url-pattern>
	</web-resource-collection>
	
	<auth-constraint>
	<role-name><security-roles>admin</security-roles></role-name>
	</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Admin System</realm-name>
</login-config>
</web-app>


I think this should be enough to require authentication when someone
goes to http://localhost:8080/myAdmin/admin.html on the local machine.
And yet, it allows everyone access to the page, without even prompting
for any sort of authentication. Anyone have an idea why?

Thanks

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message