Hello, I am trying to setup basic http authentication with tomcat. I modified my the web.xml file in the project's WEB-INF folder. Here is the relevant portion:
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns="http://java.sun.com/xml/ns/javaee"; xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"; xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"; id="WebApp_ID" version="2.5"> <security-constraint> <web-resource-collection> <web-resource-name> Admin </web-resource-name> <url-pattern>/myAdmin/admin.html</url-pattern> </web-resource-collection> <auth-constraint> <role-name><security-roles>admin</security-roles></role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>Admin System</realm-name> </login-config> </web-app> I think this should be enough to require authentication when someone goes to http://localhost:8080/myAdmin/admin.html on the local machine. And yet, it allows everyone access to the page, without even prompting for any sort of authentication. Anyone have an idea why? Thanks --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
