For some reason it is serving a JSP from a directory which I am trying to protect, without asking for authentication.
Here is some of the XML I am using. In my conf/server.xml I have this Realm element inside an my Engine:
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="org.postgresql.Driver"
connectionURL="jdbc:postgresql://192.168.1.12:5432/db5"
connectionName="tomcat" connectionPassword="myPassword"
userTable="customer" userNameCol="userName"
userCredCol="password"
userRoleTable="userRoles" roleNameCol="role" />And my web.xml deployment descriptor looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd";>
<web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>duh</web-resource-name>
<url-pattern>/a</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ball</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>confidential</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>ball</role-name>
</security-role>
</web-app>
Any suggestions?
Do you believe that this part of Tomcat works?
Is there good documentation anywhere, telling me how to set this up?
Thanks, Rich Hammer
_______________________________________________ Juglist mailing list [EMAIL PROTECTED] http://trijug.org/mailman/listinfo/juglist_trijug.org
