> try the example security contexts, so you can see how it works.
> the interceptor in the server.xml you need to activate is clearly
commented
> in the file.
the web.xml looks just as mine. Strange thing is also, that I have this same
webapp (in fact from the very same directory) running under Orion and JRun,
and authentication works as expected. Only Tomcat lets me access all
protected pages without saying anything.
>tomcat needs to be responisble for security, so the easiest
> way to test it is to go through port 8080.
thats what I am doing
> the tomcat-users file is also clearly commented.
huh?? I dont see a single comment
> look for these lines in server.xml:
> (i have increased the debug level to see what happens)
here are the respective lines from my server.xml, which have been there all
the time:
<!-- Check if the request requires an authenticated role.
-->
<RequestInterceptor
className="org.apache.tomcat.request.AccessInterceptor"
debug="0" />
<!-- Check permissions using the simple xml file. You can
plug more advanced authentication modules.
-->
<RequestInterceptor
className="org.apache.tomcat.request.SimpleRealm"
debug="0" />
thanks for your help, anyway
Christian
