Craig:
Is there a working example of this?
Here is what I did:
1. I added my user to the conf/tomcat-users.xml:
<tomcat-users>
<user name="tomcat" password="tomcat" roles="tomcat" />
<user name="role1" password="tomcat" roles="role1" />
<user name="both" password="tomcat" roles="tomcat,role1" />
<user name="admin" password="test" roles="admin" />
</tomcat-users>
2. In my application's web.xml file, I added the following
lines within the <web-app> tag:
<login-config>
<realm-name>Videosearch Admin</realm-name>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>AdminServlet</web-resource-name>
<url-pattern>/videosearch/servlet/AdminServlet</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
3. I then restarted Tomcat.
I still dont get a login box when I visit the URL.
The logs dont have any information.
Am I missing something else?
Thanks,
Neil.
> Do you also have a <login-config> element in your web.xml file? If you do not,
> Tomcat has no way to know how to authenticate users, so it does not even try.
> You could probably make a case that Tomcat should reject access by default in
> this scenario, but this is how it currently works.
>
> Regarding setting up usernames and passwords -- the default configuration uses a
> text file "conf/tomcat-users.xml" to define the valid users and their roles.
> See comments in "conf/server.xml" for how to change to a different
> implementation.
--
Neil Aggarwal
JAMM Consulting, Inc. -- (972) 612-6056, http://www.JAMMConsulting.com
Custom Internet Development -- Java, JSP, servlets, databases
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
