tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Rosenberg <shmol...@gmail.com>
Subject Container-managed Auth Confusion
Date Sat, 05 Mar 2011 17:59:51 GMT
[Sorry if this appears twice, my maill UI hiccuped.]

I thought I understood how contained-managed auth worked, but
obviously I'm missing something.

Hers' what I have right now

       <security-constraint>
               <web-resource-collection>
                       <web-resource-name>JDBCRealmTest</web-resource-name>
                       <description>accessible by authenticated users of the
adoption-admin role</description>
                       <url-pattern>/Adoption/application/list</url-pattern>
               </web-resource-collection>
               <auth-constraint>
                       <description>These roles are allowed access</description>
                       <role-name>adoption-admin</role-name>
               </auth-constraint>
       </security-constraint>
       <login-config>
               <auth-method>BASIC</auth-method>
               <realm-name>MyFirst Protected Area</realm-name>
       </login-config>
       <security-role>
               <description>Only ‘adoption-admin’ role is allowed to access this
web application</description>
               <role-name>adoption-admin</role-name>
       </security-role>

I thought this would require auth for the url
/Adoption/application/list, but there is no challenge when I test.  I
have fooled with the url-pattern but the only pattern I can get to
work is '/Adoption/*'.  I have tried '/Adoption',
'/Adoption/application/list/*', but none of them cause a challenge.

What am I missing?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message