Re: Anonymous access with Tomcat Authentication configured.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Barry, Propes, Barry L wrote: is the bottom line that he (Semen's) wanting certain areas protected by a role, and other areas protected/accessible only by another role? Sounds like he wants user-level authorization, which Tomcat just doesn't do.

Anonymous access with Tomcat Authentication configured.

Hi, I'm developing servlet using servlet API 2.3 on Tomact application server, now my task is to implement path based authentication (pba) with the following Tomcat configuration: auth-method= BASIC Realm className=org.apache.catalina.realm.MemoryRealm But behavior I need is: 1. If Tomcat gets

Re: Anonymous access with Tomcat Authentication configured.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Semen, Semen Vadishev wrote: But behavior I need is: 1. If Tomcat gets request with no user information data (username/password) it should pass it to servlet and then servlet after handling request's URI according to pba config file may send

Re: Anonymous access with Tomcat Authentication configured.

Christopher, thanks for reply. 2007/10/9, Christopher Schultz [EMAIL PROTECTED]: You cannot do this with Tomcat's authentication mechanism. You will have to provide an alternative implementation. I recommend looking st securityfilter ( http://securityfilter.sourceforge.net ). Well,

Re: Anonymous access with Tomcat Authentication configured.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Semen, Semen Vadishev wrote: Christopher, thanks for reply. 2007/10/9, Christopher Schultz [EMAIL PROTECTED]: You cannot do this with Tomcat's authentication mechanism. You will have to provide an alternative implementation. I recommend

Re: Anonymous access with Tomcat Authentication configured.

Christopher, 2007/10/9, Christopher Schultz [EMAIL PROTECTED]: You cannot do this with Tomcat's authentication mechanism. You will have to provide an alternative implementation. I recommend looking st securityfilter ( http://securityfilter.sourceforge.net ). Well, securityfilter

Re: Anonymous access with Tomcat Authentication configured.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Semen, Semen Vadishev wrote: Christopher, 2007/10/9, Christopher Schultz [EMAIL PROTECTED]: You cannot do this with Tomcat's authentication mechanism. You will have to provide an alternative implementation. I recommend looking st

Re: Anonymous access with Tomcat Authentication configured.

Christopher, thank you for your great help, 2007/10/10, Christopher Schultz [EMAIL PROTECTED]: ...why you want your own servlets to do the authorization instead of the container (or securityfilter)? This is the main question. Today we decided to do nothing new with authentication and

Re: Anonymous access with Tomcat Authentication configured.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Semen, Semen Vadishev wrote: Well, have you ever configured path based authentication for Subversion Server? Oh, you're using WebDAV. :( So if there is no security-constraint element in web.xml, Tomcat doesn't provide authorization, right?

RE: Anonymous access with Tomcat Authentication configured.

: Tuesday, October 09, 2007 5:08 PM To: Tomcat Users List Subject: Re: Anonymous access with Tomcat Authentication configured. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Semen, Semen Vadishev wrote: Well, have you ever configured path based authentication for Subversion Server? Oh, you're using

Re: Anonymous access with Tomcat Authentication configured.

Christopher, 2007/10/10, Christopher Schultz [EMAIL PROTECTED]: Tomcat's built-in AA requires that an unauthenticated user request a protected resource (protected by a security-constraint). When this happens, Tomcat intercepts the request internally and issues the appropriate login request