I noticed the MemoryRealm / form-based authentication example in Tomcat
6.0 is broken. The example works just fine in Tomcat 5.5, but in the
migration to 6.0, it got broken. According to the doc at
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
the app is supposed to be available at
http://localhost:8080/jsp-examples/security/protected/
but the URL is actually
http://localhost:8080/examples/jsp/security/protected/
The default contents of the conf/tomcat-users.xml file *should* be
<tomcat-users>
<user name="tomcat" password="tomcat" roles="tomcat" />
<user name="role1" password="tomcat" roles="role1" />
<user name="both" password="tomcat" roles="tomcat,role1" />
</tomcat-users>
but the file that ships with 6.0 is missing all the <user> tags.
And the server.xml file is missing the line:
<Realm className="org.apache.catalina.realm.MemoryRealm" />
Finally the web.xml file is using the wrong <url-pattern>. It is set to
<url-pattern>/security/protected/*</url-pattern>
but should be
<url-pattern>/jsp/security/protected/*</url-pattern>
Making these changes will fix the example. Hope someone working on
Tomcat sees this post.
Regards,
Frank
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
