How to configure basic authentication
Hi, I`m using tomcat 3.2.1, Win 2000 and I tried to configure a servlet (Header, displays just all received Header information) with basic authentication. I changed the web.xml as followed: servlet-mapping servlet-name Header /servlet-name url-pattern /protected/Header /url-pattern /servlet-mapping security-constraint web-resource-collection web-resource-nameBirtes Protected Area/web-resource-name url-pattern/protected/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nametomcat/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method realm-nameBirte/realm-name /login-config That works (http://localhost/myApp/protected/Header). But if I enter http://localhost/myApp/servlet/Header I also get the servlet but without authentication. Why and what must I do that the servlet is only available with the first URL. Thanks Birte
RE: How to configure basic authentication
Thanks, now it works as I want it. Birte -Original Message- From: Nacho [mailto:[EMAIL PROTECTED]] Sent: Freitag, 5. Januar 2001 17:55 To: '[EMAIL PROTECTED]' Subject: RE: How to configure basic authentication Hola Birte: This is caused by the non-stardard Invoker present on your server.xml file out of the box.. You can.. Comment or delete the invokerinterceptor line on your server.xml file or.. Add the invoker interceptor url to your protected resources... The invoker interceptor is de one in de line : 8-- RequestInterceptor className="org.apache.tomcat.request.InvokerInterceptor" debug="0" prefix="/servlet/" / 8-- As you can see in this line is where you can alter the path used in the invoker , or delete or comment it completely, as is not needed in normal ÇTomcat operation. Saludos , Ignacio J. Ortega -Mensaje original- De: Birte Glimm [mailto:[EMAIL PROTECTED]] Enviado el: viernes 5 de enero de 2001 17:36 Para: [EMAIL PROTECTED] Asunto: How to configure basic authentication Hi, I`m using tomcat 3.2.1, Win 2000 and I tried to configure a servlet (Header, displays just all received Header information) with basic authentication. I changed the web.xml as followed: servlet-mapping servlet-name Header /servlet-name url-pattern /protected/Header /url-pattern /servlet-mapping security-constraint web-resource-collection web-resource-nameBirtes Protected Area/web-resource-name url-pattern/protected/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nametomcat/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method realm-nameBirte/realm-name /login-config That works (http://localhost/myApp/protected/Header). But if I enter http://localhost/myApp/servlet/Header I also get the servlet but without authentication. Why and what must I do that the servlet is only available with the first URL. Thanks Birte - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: How to configure basic authentication
Birte Glimm wrote: Hi, I`m using tomcat 3.2.1, Win 2000 and I tried to configure a servlet (Header, displays just all received Header information) with basic authentication. I changed the web.xml as followed: servlet-mapping servlet-name Header /servlet-name url-pattern /protected/Header /url-pattern /servlet-mapping security-constraint web-resource-collection web-resource-nameBirtes Protected Area/web-resource-name url-pattern/protected/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nametomcat/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method realm-nameBirte/realm-name /login-config That works (http://localhost/myApp/protected/Header). But if I enter http://localhost/myApp/servlet/Header I also get the servlet but without authentication. Why and what must I do that the servlet is only available with the first URL. One approach would be to disable the "invoker" servlet facility, as others have pointed out. (Simply comment out the "invoker interceptor" entry in server.xml.) Another option is to remember that security constraints are based on matching URL patterns, and you can add a second url-pattern to your web-resource-collection: url-pattern /servlet/Header/* /url-pattern That way, the security constraint covers requests done through the invoker servlet as well. Thanks Birte Craig McClanahan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]