I have a web application which uses BASIC authentication.

In Tomcat 5.0.28 (under Java 1.5 and Fedora Core 4) accessing
the protected webapp causes the browser to pop up a login box
where username and password are entered. This works well, no
matter whether passwords are plain or SHA digested and no
matter whether I access the protected webapp using the HTTP
port or the HTTPS port. It also works with a wide variety of browsers.

Moving to Tomcat 5.5.x, however, causes the BASIC authentication
not to work anymore. The login box pops up but no username/password
combination ever allows access. The login box just clears the entries
and one is "stuck" at the login box. Again, I have tried plain and SHA
digested passwords in the tomcat-users.xml file with no luck either way.
This behavior is the same across different web browsers.

The web.xml file for the web application contains the following security
configuration portion, which enables password access in 5.0.x but
doesn't work in 5.5.x:

  <!--                                  -->
  <!-- Container-Security Configuration -->
  <!--                                  -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Reports Browser</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Currently using only BASIC authentication. Use with HTTPS. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Protected Area</realm-name>
  </login-config>


I have searched online for answers and have reviewed the Servlet 2.4
specification (i.e. for Tomcat 5.5.x) but have found nothing. Surely,
BASIC authentication is such a well....basic thing that there must be
some small change I need to make, between the Tomcat versions, to get
this to work again. Any help is greatly appreciated.
        -tom
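
Added example, not part of the original post: Servlet 2.4 defines the role name "*" in an auth-constraint as shorthand for all roles declared in the deployment descriptor, and the portion shown above declares no security-role. The Python check below flags that case; the wrapping web-app root element and the role name reports-user are assumptions made for the sample input.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    # Drop the namespace so DTD-based and schema-based descriptors both match.
    return tag.rsplit("}", 1)[-1]

def _find(node, name):
    return [e for e in node.iter() if _local(e.tag) == name]

def _texts(node, name):
    return [(e.text or "").strip() for e in _find(node, name)]

def check_roles(web_xml):
    """Return findings about role names used in auth-constraint elements."""
    root = ET.fromstring(web_xml)
    declared = {r for sr in _find(root, "security-role") for r in _texts(sr, "role-name")}
    findings = []
    for sc in _find(root, "security-constraint"):
        label = (_texts(sc, "web-resource-name") or ["(unnamed)"])[0]
        for ac in _find(sc, "auth-constraint"):
            for role in _texts(ac, "role-name"):
                if role == "*" and not declared:
                    findings.append(f"{label}: '*' matches no role (no security-role declared)")
                elif role != "*" and role not in declared:
                    findings.append(f"{label}: role '{role}' has no security-role declaration")
    return findings

# Constructed input: the fragment from the post, wrapped in a root element.
POSTED = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Reports Browser</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

# Same descriptor with a declared role; "reports-user" is a hypothetical name.
DECLARED = POSTED.replace(
    "</web-app>",
    "  <security-role><role-name>reports-user</role-name></security-role>\n</web-app>")

if __name__ == "__main__":
    for name, doc in (("posted", POSTED), ("declared", DECLARED)):
        print(name, check_roles(doc) or "ok")
```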


