Hi All,
I have an issue with allowing access to a page which is secured using
active directory authentication. I want some pages/content to be excluded
from this. Following is my web.xml file under conf of tomcat.
[code=java]
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected
Area</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<--! These are the groups in AD -->
<role-name>Engineering</role-
name>
<role-name>Migration Expert</role-name>
<role-name>Developers</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<url-pattern>/update/*</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Services Portal</realm-name>
</login-config>
[/code]
As per my understanding, this should allow url's with a content "update"
and allow other pages only with AD credentials. But this is not working for
me now. Its asking for the credentials even for the url with "update".
Tomcat Version:7
Env:Linux
Url:http://myserver.com:8080/solar/index.jsp. Here its asking the
credentials, its fine and as expected.
url with "update" in the address: http://myserver.com:8080/solar/site/update.
When I access this url, its still asking for the credentials.
I am not really sure why this is happening. Could anyone here can help me
on this?
--
Thanks,
Regards,
Rahul R
