Hello,
[I attempted to look this topic up on the alias archive, but
after reading a few unrelated posts (search on "authentication"
AND "document contains no data") and then various server not
available attempts I gave up and decided to write to the group.]
I am trying to test user authentication with Tomcat v4.0 m4.
I have a *very* simple configuration:
* an index page that links to a view-common page and a view-restricted page
* the web.xml security constraint on the view-restricted page are set up as:
<!-- Restricted Resources -->
<security-constraint>
<web-resource-collection>
<web-resource-name>RestrictedResources</web-resource-name>
<url-pattern>/view-restricted.html</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<description>A simple restricted-access user role.</description>
<role-name>admin</role-name>
</security-role>
* the server.xml configuration file is using the MemoryRealm
* the tomcat-users.xml config. file has three users:
<tomcat-users>
<user name="tomcat" password="tacmot" roles="tomcat" />
<user name="user1" password="1resu" roles="admin" />
<user name="user2" password="2resu" roles="tomcat,admin" />
</tomcat-users>
So, I would expect that when I attempt to access the view-restricted.html
page that I get BASIC HTTP user auth. dialog box in my browser (Netscape
v4.75) and I do. That's not the weird thing. Everything works as expected
when I enter a user that has 'admin' role (e.g. 'user1'), *but* I am getting
the following Netscape error when I enter any other user (e.g. 'tomcat'):
The document contains no data.
Try again later, or contact the server's administrator.
This is not what I was expecting. Is this the correct behavior? This is
a problem because it (the browser) will not allow me to attempt to link
to that page again and re-authenticate. Note: if I miss type a given
user's password, then the browser correctly asks me to retry; it is only
when I give the correct password for a registered user but not in the
corrrect role for the restricted page that I get the above problem.
BTW, I have attached a WAR file distribution of this WebApp.
Thanks,
Bryan
+---------------------------------------+--------------------------------------+
| Bryan Basham | "You are not an isolated entity, but
| Java Courseware Developer | a unique, irreplaceable part of the
| Sun Educational Services | cosmos. Don't forget this. You are
| Phone: 1-303-272-8766 (x78766) | an essential piece of the puzzle of
| E-mail: [EMAIL PROTECTED] | humanity."
| Address: 500 Eldorado Blvd |
| MailStop: UBRM05-135 | -- The Art of Living, Epictetus
| Broomfield, CO 80021 | (trans. Sharon Lebell)
+---------------------------------------+--------------------------------------+
TestAuth1.war