On 2024/09/27 15:14:15 Christopher Schultz wrote: > Sebastian, > > On 9/27/24 11:04, Sebastian Trost wrote: > > Francesco, > > > > On 26.09.2024 16:12, Francesco Viscomi wrote: > >> Hi all, > >> I'm not able to understand why I cannot access to > >> http://localhost:8080/manager/html > >> > >> I've configured the user in tomcat.users.xml: > >> > >> <role rolename="manager-gui"/> > >> <user username="admin" password="admin" roles="manager-gui"/> > >> > >> I'm using tomcat 9; and jdk17; > >> > >> I've also noted that in my personal pc when try to access manager/html a > >> pop up ask me to login (in my personal pc it works right) > >> > >> While when I try to use it in the company pc it gives me 401 > >> unauthorized; > >> I do not know what I have to modify on chrome to get access in manager > >> app, > >> I also use in the company pc Zscaler, but I do not know what I have to > >> change in it (eventually) in order to access the manager app. > > Your corporate browser probably has basic authentication disabled. Check > > this site: https://jigsaw.w3.org/HTTP/Basic > > If there is no basic authentication popup where you can enter username/ > > password then this is probably the case. > > > > See: https://answers.microsoft.com/en-us/microsoftedge/forum/all/latest- > > version-of-edge-no-longer-shows-basic/3601252b-e56b-46c0-a088-0f6084eabe47 > > I've really had it with Microsoft deciding that HTTP Basic > authentication is just not okay. They seem to have forgotten that TLS > makes it secure.
The reasoning is never to share a long term secret: your password. > HTTP Digest is a nightmare, but they are forcing users onto it. The key is to use SPNEGO in enterprise environments. Michael --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
