[JBoss-user] problems with Tomcat's basic auth

[Matthew Hixson]

I'm having troubles getting basic auth to work with Tomcat embedded in 
JBoss 3.2.2RC3.  What I'm seeing is that the browser shows the 
username/password challenge dialog, but I can just enter anything into 
it and Tomcat will serve up the page.  I don't have to enter a real 
username and password.
  When starting up JBoss I see this on the console and wonder if it 
might have something to do with the problem:

14:14:51,473 INFO  [Engine] ContextConfig[/invoker]: Configured an 
authenticator for method BASIC
14:14:51,567 WARN  [EmbeddedTomcatService] Unable to invoke setDelegate 
on class loader:[EMAIL PROTECTED]

In my jboss-service.xml file I have:

      <attribute name="Config">
         <Server>
            <Service name="JBoss-Tomcat">
               <Engine name="MainEngine" defaultHost="localhost">
                  <Logger className="org.jboss.web.tomcat.Log4jLogger"
                     verbosityLevel="debug" 
category="org.jboss.web.localhost.Engine"/>
                  <Host name="localhost">

                     <!-- Access logger -->
                     <Valve 
className="org.apache.catalina.valves.AccessLogValve"
                        prefix="localhost_access" suffix=".log"
                        pattern="common" 
directory="${jboss.server.home.dir}/log"/>

                     <!-- This valve clears any caller identity set by 
the realm
                     and provides access to the realm about the 
existence of an
                     authenticated caller to allow a web app to run 
with a realm
                     that support unauthenticated identities. It also 
establishes
                     any run-as principal for the servlet being 
accessed.
                     -->
                     <Valve 
className="org.jboss.web.tomcat.security.SecurityAssociationValve" />
                     <!-- Default context parameters -->
                     <DefaultContext cookies="true" crossContext="true" 
override="true"/>
                     <Context path="/watermarks" 
docBase="/usr/local/foo/watermarked_images"/>
                      <Realm 
className="org.apache.catalina.realm.MemoryRealm" debug="4" 
path="/usr/local/jboss/server/default/conf/tomcat-users.xml" />
                  </Host>
               </Engine>

In tomcat-users.xml I have:

<tomcat-users>
  <user name="hixson" password="foobar" roles="admin" />
</tomcat-users>
In my webapp's WEB-INF/web.xml I have:

 <security-constraint>
  <web-resource-collection>
   <web-resource-name>admin</web-resource-name>
   <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
   <role-name>admin</role-name>
  </auth-constraint>
 </security-constraint>
 <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>admin</realm-name>
 </login-config>
 <!-- <!ELEMENT security-role (description?, role-name)> -->
 <security-role>
  <description>
   admin
  </description>
  <role-name>admin</role-name>
 </security-role>
Is there anything else I need to configure?  I don't know why its 
asking me for a username/password, but then failing to authenticate me.
  Thanks,
   -M@



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user