On 16 Jun 2001, David M. Karr wrote:
> What is the status of BASIC authentication in Tomcat4.0-latest? I noticed it
> seems to do nothing. A login dialog never appeared, but it gave access to the
> resource, and the return from "request.getAuthType()" in the resource was a
> null string.
>
As far as I know, it works according to the specs. Same for the other
container managed security methods.
Did you create a <security-constraint> to protect the resources that you
wanted to have protected? If you don't do this, authentication will never
be triggered (so request.getAuthType() will return null, of course).
> I'm not familiar with the architecture, but I tried setting breakpoints in
> "AuthenticatorBase" and "BasicAuthentication" (in NetBeans), but I never saw
> anything meaningful. It did hit some of the breakpoints, however.
>
> I did a search in the tomcat-dev mailing list, and I found lots of messages
> which talked about particular issues with BASIC and FORM authentication, but
> nothing specifically saying that BASIC authentication didn't work. I would
> have searched the bug database, but it was down at the time (Internal Server
> Error).
>
The first thing to try is the Tomcat example application, which protects
the following URL with form-based login by default:
http://localhost:8080/examples/jsp/security/protected/
It would be a simple matter to modify the web.xml for this application to
use BASIC login instead, and then test the results you get back.
> This is mostly just a curiousity, as I doubt I'd ever use BASIC authentication
> for a real project, but as I'm just getting started absorbing the Tomcat
> architecture, I find it helpful to try to track problems, no matter how
> trivial.
>
> --
> ===================================================================
> David M. Karr ; Best Consulting
> [EMAIL PROTECTED] ; Java/Unix/XML/C++/X ; BrainBench CJ12P (#12004)
>
>
Craig McClanahan
