sounds like I've got exactly the same problem. I didn't follow the thread in
the dev-mailinglist,
so I'm sorry if I repeat problems already solved there...
I'd like to set up exactly the same thing and found the same source in the
Professional JSP-book.
The questions for me are:
1) Tomcat 3.1 declares security-related features as alpha; anyone got an idea,
if security in 3.2b7
might be suitable for production use already ?
2) If I define a security-constraint in Tomcat, using Apache and Tomcat; will
Apache know about this constraint ?
Or do I have to serve all files under security constraints using tomcat,
even the static ones ?
If so, would there be any reason for using Apache at all ?
Thanks for any clue in the darkness of authentication...
Marco
Danno Ferrin wrote:
> What you would want to do then is to use form based authentication and
> enable the JDBC realm.
>
> --Danno
> p.s. please continue discussion in the tomcat-user list. The dev list
> is for patches, comments about the code, etc., and not use of tomcat
> itself. [EMAIL PROTECTED] is meant for the use of tomcat
> itself and for configuration questions such as this.
>
> shahed wrote:
>
> > I am using Tomcat 3.1 with Apache/Stronghold.
> > I assumed that all the web.xml stuff would not work.
> > Am I right ? or will it still work ?
> >
> > Also, I want to auth against a database. In the book Professional JSP,
> > there is an example of using a security interceptor. But again,
> > will that work if I am using Apache + Tomcat ?
> >
> >> You need to set up the web-app to require authentication. In the
> >> web.xml in the WEB-APP directory you need to add a security-constraint
> >> element and a login-config element. There are examples in the examples
> >> web-app.
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> >
