Configured the web.xml for BASIC authentication. <?xml version="1.0" encoding="ISO-8859-1"?> <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4"> <display-name>Vision Application Logs</display-name> <!-- Define a Security Constraint on this Application --> <security-constraint> <web-resource-collection> <web-resource-name>applogs</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>vsndev-offshore</role-name> </auth-constraint> </security-constraint> <!-- Define the Login Configuration for this Application --> <login-config> <auth-method>BASIC</auth-method> <realm-name>myrealm</realm-name> </login-config> <!-- Security roles referenced by this Web application --> <security-role> <role-name>vsndev-offshore</role-name> </security-role> </web-app>
When prompted for username/password, I use what has been defined in the tomcat-users.xml file and that does not work. It would appear that it is not even referencing the list. <role rolename="vsndev-offshore"/> <user username="bob" password="password" roles="vsndev-offshore"/> On Thu, Oct 21, 2010 at 3:23 PM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Keith Masten [mailto:spmdt...@gmail.com] > > Subject: Re: Securing A Directory Listing > > > The realm definition for this tomcat instance is in > > the server.xml. > > That partially answers the question. As the doc says: "You may nest a > Realm inside any Catalina container Engine, Host, or Context." Where's > yours? > > > Should the realm defined in the web.xml be > > defined/referenced somewhere? > > Probably not, as long as you're comfortable with using the same <Realm> for > all webapps that require authentication. > > > Just tried the basic setup again and no luck. > > What is meant by "no luck"? I don't recall any Tomcat error message with > that phrasing... > > > When prompted, I should enter id - bob, pw - bob according > > to my tomcat-users.xml, correct??? > > Correct, as long as the <auth-method> is BASIC. Might want to post your > current WEB-INF/web.xml file. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >