Hi!
I've got a war file which I would like to protect through username and password
authentication. I've added the following in web.xml in the .war file:
<security-constraint>
<web-resource-collection>
<web-resource-name>
Protected Site
</web-resource-name>
<!-- This would protect the entire site -->
<url-pattern> /* </url-pattern>
<!-- If you list http methods,
only those methods are protected -->
<http-method> DELETE </http-method>
<http-method> GET </http-method>
<http-method> POST </http-method>
<http-method> PUT </http-method>
</web-resource-collection>
<auth-constraint>
<!-- Roles that have access -->
<role-name> viewer </role-name>
</auth-constraint>
</security-constraint>
<!-- BASIC authentication -->
<login-config>
<auth-method> BASIC </auth-method>
<realm-name> Example Basic Authentication </realm-name>
</login-config>
<!-- Define security roles -->
<security-role>
Test role
<role-name> viewer </role-name>
</security-role>
Also I have added a file called tomcat-users. xml in the
jbossweb-tomcat41.sar/META-INF folder, looking like this:
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
</tomcat-users>
When a type the URL for the .war I do get a authentication screen from IE but it
passes me on to the war file's index.html regardless of what login I do give.
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3840249#3840249
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3840249
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
JBoss-Development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
