Greetings all,
I am having trouble getting
authorization to work for a web-app in Tomcat. I would appreciate any
advise I can get. Here is my case:
I am using Apache 1.3.12 & Tomcat 3.2 (I also
want 3.1 to work)
I have a webapp deployed entirely under
Tomcat/webapps/ecims
I want user authentication to happen on ANY file,
servlet, jsp, etc... in that webapp.
This is what I have done, and the
effect:
I added this to my
Tomcat/webapps/ecims/web-inf/web.xml file:
<security-constraint>
<web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <url-pattern>/*</url-pattern> <http-method>DELETE</http-method>
<http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <role-name>ecims</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>Example Basic Authentication Area</realm-name> </login-config> When I hit my index page, I got the Auth dialog
from IE. (great! It works...)
Then as I browsed through all is well... until I
hit an Applet. The Applet loading caused another auth dialog BUT it was a
java based dialog. And it continued popping up java dialogs for my auth
info. It asks about 6 or 8 times, and it hit about 30-40 urls. ALL
of these connections are back to servlets in my webapp (ecims).
My only thoughts are... I am using the Java plugin
and maybe it is connecting directly to the server instead of using IE.
This would explain it not having the previously entered user and password.
However it does not explain why I get asked several times for what is the same
URL (excluding parameters).
I thought I would try using Apache
security:
I did set it up but it is ignored if I use port
8080 (Tomcat for me). If I use 80 (Apache) then it asks and works for
static content of my web-app but any dynamic content fails to load.
Thoughts, comments, and pointers are all welcome.
Thanks in advance.
RA.
Russell Allen
Sr. Software Engineer Emageon (205) 980-9222x605 |