Win NT platform
JDK1.2
Tomcat 3.2b6
DB2 EE v7.1
server.xml:
<RequestInterceptor
className="org.apache.tomcat.request.JDBCRealm"
debug="99"
driverName="COM.ibm.db2.jdbc.app.DB2Driver"
connectionURL="jdbc:db2:authDb"
userTable="users"
userNameCol="user_name"
userCredCol="user_pass"
userRoleTable="user_roles"
roleNameCol="role_name"
connectionName="userid"
connectionPassword="password"/>
web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>WebApp Home</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>appuser</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>WebApp Realm</realm-name>
</login-config>
I have configured everything under the ROOT context to be protected with
BASIC authentication. When I request the defeault index.html page under
the /ROOT directory, the JDBCRealm RequestInterceptor correctly handles my
login. I then select a link from the index page
to another html page also located under root which contains an Applet. The
applet loads and makes a URLConnection to
a servlet which is under the /ROOT/WEB-INF/classes folder. At this point
the Interceptor requires another login. But I have already been
authenticated
in this REALM! Why the second login????
The first login window looks like a plain Browser Login window. The second
window is however a java login window; generated
in the Applets JVM I suppose. Does the URLConnection require explicit http
header handling? (In the form of setRequestProperty() )
Raimee
