Configured the web.xml for BASIC authentication.

<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd";
version="2.4">
  <display-name>Vision Application Logs</display-name>
<!-- Define a Security Constraint on this Application -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>applogs</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>vsndev-offshore</role-name>
  </auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>myrealm</realm-name>
</login-config>
<!-- Security roles referenced by this Web application -->
<security-role>
  <role-name>vsndev-offshore</role-name>
</security-role>
</web-app>

When prompted for username/password, I use what has been defined in the
tomcat-users.xml file and that does not work.  It would appear that it is
not even referencing the
list.

  <role rolename="vsndev-offshore"/>
  <user username="bob" password="password" roles="vsndev-offshore"/>


On Thu, Oct 21, 2010 at 3:23 PM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Keith Masten [mailto:spmdt...@gmail.com]
> > Subject: Re: Securing A Directory Listing
>
> > The realm definition for this tomcat instance is in
> > the server.xml.
>
> That partially answers the question.  As the doc says: "You may nest a
> Realm inside any Catalina container Engine, Host, or Context."  Where's
> yours?
>
> > Should the realm defined in the web.xml be
> > defined/referenced somewhere?
>
> Probably not, as long as you're comfortable with using the same <Realm> for
> all webapps that require authentication.
>
> > Just tried the basic setup again and no luck.
>
> What is meant by "no luck"?  I don't recall any Tomcat error message with
> that phrasing...
>
> > When prompted, I should enter id - bob, pw - bob according
> > to my tomcat-users.xml, correct???
>
> Correct, as long as the <auth-method> is BASIC.  Might want to post your
> current WEB-INF/web.xml file.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Reply via email to