I posted an answer to this question about 2 weeks ago. I found that if you
put the Tomcat directory for a particular context inside the Apache document
path, Apache will then pop up the logon dialog for pages destined for
Tomcat.
-----Original Message-----
From: Neil Aggarwal [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 18, 2000 10:44 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: How to password-protect a servlet?
Hello:
I am using Apache 1.3.12 with Tomcat 3.1 and I wanted to
password protect a servlet running on Tomcat with the
Apache password mechanism.
In my httpd.conf file, I placed the following lines:
<LocationMatch /videosearch/servlet/AdminServlet>
AuthName "VideoSearch Admin"
AuthType Basic
AuthUserFile /usr/local/apache/conf/vidadmin.password
require valid-user
</LocationMatch>
But, it did not ask me for a password. But, if I change the location
match to:
<LocationMatch /test>
AuthName "VideoSearch Admin"
AuthType Basic
AuthUserFile /usr/local/apache/conf/vidadmin.password
require valid-user
</LocationMatch>
(The only thing I changed is the location to a directory called
test)
Everything works fine in this case.
Is Tomcat intercepting the URL before apache has a chance to
check if it needs to ask for a password?
Is there a way to use Apache's authentication for URLs that
point to Tomcat?
If not, does Tomcat have authentication capabilities?
Thanks,
Neil.
--
Neil Aggarwal
JAMM Consulting, Inc. -- (972) 612-6056, http://www.JAMMConsulting.com
Custom Internet Development -- Java, JSP, servlets, databases
