You have not declared an <auth-constraint> inside your
<security-constraint>, which is essentially saying that "this security
constraint does not require authentication".

Craig McClanahan

On 17 Jun 2001, David M. Karr wrote:

> >>>>> "Craig" == Craig R McClanahan <[EMAIL PROTECTED]> writes:
> 
>     Craig> On 16 Jun 2001, David M. Karr wrote:
> 
>     >> What is the status of BASIC authentication in Tomcat4.0-latest?  I noticed it
>     >> seems to do nothing.  A login dialog never appeared, but it gave access to the
>     >> resource, and the return from "request.getAuthType()" in the resource was a
>     >> null string.
>     >> 
> 
>     Craig> As far as I know, it works according to the specs.  Same for the other
>     Craig> container managed security methods.
> 
>     Craig> Did you create a <security-constraint> to protect the resources that you
>     Craig> wanted to have protected?  If you don't do this, authentication will never
>     Craig> be triggered (so request.getAuthType() will return null, of course).
> 
> Following this is my web.xml for the BASIC test.  This is almost verbatim from
> the Prof. JSP example.  I tried a similar test with FORM-based authentication
> (also from the book), with similar but different results.  It never went to the
> login page, but instead of just going to the protected resource (like the BASIC
> test), it failed with a permission error on the resource.
> 
> 
> <?xml version="1.0" ?>
> <!DOCTYPE web-app
>    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
>    "http://java.sun.com/j2ee/dtds/web-app_2_3.dtd">
> <web-app>
>  <security-constraint>
>   <web-resource-collection>
>    <web-resource-name>Entire Application</web-resource-name>
>    <url-pattern>/*</url-pattern>
>   </web-resource-collection>
>  </security-constraint>
>  <login-config>
>   <auth-method>BASIC</auth-method>
>   <realm-name>ProJSP Authentication Example</realm-name>
>  </login-config>
> </web-app>
> 
> -- 
> ===================================================================
> David M. Karr          ; Best Consulting
> [EMAIL PROTECTED]   ; Java/Unix/XML/C++/X ; BrainBench CJ12P (#12004)
> 
> 
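As an added example (not part of the original thread, and not Tomcat's own code), the following check classifies each `<security-constraint>` in a deployment descriptor by its `<auth-constraint>`, run against the descriptor quoted above and a constructed corrected copy. The role name `user` is an assumption and must match a role defined in the container's realm; the `audit` and `local` helpers are hypothetical names.

```python
import xml.etree.ElementTree as ET

# The descriptor from the quoted message (its DOCTYPE is omitted here for brevity).
ORIGINAL = """<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>Entire Application</web-resource-name>
   <url-pattern>/*</url-pattern>
  </web-resource-collection>
 </security-constraint>
 <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>ProJSP Authentication Example</realm-name>
 </login-config>
</web-app>"""

# Constructed fix: the role name "user" is an assumption and must exist in the realm.
FIXED = ORIGINAL.replace(
    " </security-constraint>",
    "  <auth-constraint>\n   <role-name>user</role-name>\n  </auth-constraint>\n"
    " </security-constraint>")

def local(tag):
    """Drop an XML namespace prefix so newer namespaced descriptors also match."""
    return tag.rsplit("}", 1)[-1]

def audit(web_xml):
    """Return (url-patterns, verdict) for each <security-constraint>."""
    findings = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        patterns = [e.text.strip() for e in sc.iter() if local(e.tag) == "url-pattern"]
        auth = [e for e in sc if local(e.tag) == "auth-constraint"]
        if not auth:
            # No <auth-constraint>: the container never challenges the client.
            verdict = "open: no authentication required"
        else:
            roles = [(r.text or "").strip() for r in auth[0] if local(r.tag) == "role-name"]
            # An <auth-constraint> with no roles permits no user at all.
            verdict = "roles: " + ",".join(roles) if roles else "deny all: no roles listed"
        findings.append((patterns, verdict))
    return findings

if __name__ == "__main__":
    for name, doc in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, audit(doc))
```

Any constraint reported as `open` on a pattern such as `/*` means the `<login-config>` is never exercised for those URLs.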
