>>>>> "Craig" == Craig R McClanahan <[EMAIL PROTECTED]> writes:
Craig> On 16 Jun 2001, David M. Karr wrote:
>> What is the status of BASIC authentication in Tomcat4.0-latest? I noticed it
>> seems to do nothing. A login dialog never appeared, but it gave access to the
>> resource, and the return from "request.getAuthType()" in the resource was a
>> null string.
>>
Craig> As far as I know, it works according to the specs. Same for the other
Craig> container managed security methods.
Craig> Did you create a <security-constraint> to protect the resources that you
Craig> wanted to have protected? If you don't do this, authentication will never
Craig> be triggered (so request.getAuthType() will return null, of course).
Following this is my web.xml for the BASIC test. This is almost verbatim from
the Prof. JSP example. I tried a similar test with FORM-based authentication
(also from the book), with similar but different results. It never went to the
login page, but instead of just going to the protected resource (like the BASIC
test), it failed with a permission error on the resource.
<?xml version="1.0" ?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_3.dtd";>
<web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ProJSP Authentication Example</realm-name>
</login-config>
</web-app>
--
===================================================================
David M. Karr ; Best Consulting
[EMAIL PROTECTED] ; Java/Unix/XML/C++/X ; BrainBench CJ12P (#12004)
