The login-config element should occur only once in your whole web.xml, and
it should be on its own - not part of other elements.  Sorry I didn't make
this clear.

Also, you may have to configure Apache to do BASIC authentication - but I'm
not sure.

Tim

-----Original Message-----
From: Xiaofeng Chen [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 27, 2001 10:26 AM
To: [EMAIL PROTECTED]
Subject: Re: How to set access restriction to servlets in tomcat?


I added the <auth-method> tag in web.xml and restarted tomcat and apache. It
still doesn't work.
The following are my settings in web.xml. Do you think there are other things
we need to do? Thanks.

<security-constraint>
  <web-resource-collection>
    <web-resource-name>IsItWorking</web-resource-name>
    <url-patterl>/servlet/IsItWorking</url-pattern>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>timasta</realm-name>
    <login-config>
  </web-resource-collection>
</security-constraint>

<servlet-mapping>
  <url-pattern>/servlet/IsItWorking</url-pattern>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>timasta</realm-name>
  <login-config>
  <servlet-name>IsItWorking</servlet-name>
</servlet-mapping>

<servlet>
  <servlet-name>IsItWorking</servlet-name>
  <servlet-class>IsItWorking</servlet-class>
</servlet>


----- Original Message -----
From: "JULIEN,TIMOTHY (HP-NewJersey,ex2)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 27, 2001 2:31 AM
Subject: RE: How to set access restriction to servlets in tomcat?


>
>
> one piece I left out -
>
> you also need to tell your app how to authenticate.
> (Although, I am surprised Tomcat gave you access to a protected resource)
> (i.e., how to get user credentials, in order to determine if they have
> access)
>
> There are 4 types of authentication:
>
> <login-config>
>      <auth-method>BASIC</auth-method> <!-- optional -->
>      <realm-name>timasta</realm-name> <!-- optional -->
> </login-config>
>
> authenticates using BASIC - popup dialog boxes.
>
>
> <login-config>
>      <auth-method>CLIENT-CERT</auth-method> <!-- optional -->
> </login-config>
>
> authenticates using a certificate, X509.  Usually found in a header.
>
> <login-config>
>      <auth-method>FORM</auth-method> <!-- optional -->
>      <form-login-config> <!-- optional -->
>           <form-login-page>/login.jsp</form-login-page>
>           <form-error-page>/error.jsp</form-error-page>
>      </form-login-config>
> </login-config>
>
> authenticates using forms.  This works in conjunction with a page,
> login.jsp, which has a form with fields j_username and j_password and
> action
> j_security_check.
>
> The final type is DIGEST, but I don't know if Tomcat supports this, as it is
> not required.
>
> Tim Julien
> HP Middleware
>
> -----Original Message-----
> From: Xiaofeng Chen [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 26, 2001 5:49 PM
> To: [EMAIL PROTECTED]
> Subject: Re: How to set access restriction to servlets in tomcat?
>
>
> Hi, Tim: Thank you for your reply. I followed your instruction and edited
> the web.xml like the following:
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>IsItWorking</web-resource-name>
>     <url-pattern>/servlet/IsItWorking</url-pattern>
>   </web-resource-collection>
> </security-constraint>
>
> <servlet-mapping>
>   <url-pattern>/servlet/IsItWorking</url-pattern>
>   <servlet-name>IsItWorking</servlet-name>
> </servlet-mapping>
>
> <servlet>
>   <servlet-name>IsItWorking</servlet-name>
>   <servlet-class>IsItWorking</servlet-class>
> </servlet>
>
> I have the testing servlet IsItWorking in the
> $TOMCAT_HOME/webapps/WEB-INF/classes directory. But
> when I tried to access the servlet, there is no login prompt for me; I
> just get the page right away. Do you see anything
> wrong with my settings in the web.xml? Thanks for your help.
>
>
> ----- Original Message -----
> From: "JULIEN,TIMOTHY (HP-NewJersey,ex2)" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, April 26, 2001 10:18 AM
> Subject: RE: How to set access restriction to servlets in tomcat?
>
>
>
>
>
> Use the security-constraint element in web.xml:
>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>Secure Servlets</web-resource-name>
>     <url-pattern>/main/secure</url-pattern>
>   </web-resource-collection>
> </security-constraint>
>
> <servlet-mapping>
>   <url-pattern>/main/secure</url-pattern>
>   <servlet-name>main servlet</servlet-name>
> </servlet-mapping>
>
> <servlet>
>   <servlet-name>main servlet</servlet-name>
>   <servlet-class>org.foo.Servlet</servlet-class>
> </servlet>
>
> Tim Julien
> HP Middleware
>
> -----Original Message-----
> From: Xiaofeng Chen [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 26, 2001 11:05 AM
> To: [EMAIL PROTECTED]
> Subject: How to set access restriction to servlets in tomcat?
>
>
> Could someone drop me any hints about how to set access restriction to
> servlets, please?
> One of my servlets needs to get the user name using
> request.getRemoteUser() method.
> Can we set access restriction to servlets in Tomcat?
>
> Thanks for your help!
>
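
A consolidated web.xml for the IsItWorking servlet discussed in this thread, added here as an example and not taken from any of the messages: it puts a single login-config at the top level of web-app, as the latest reply advises, and adds an auth-constraint, without which a security-constraint does not require the caller to authenticate. The role name servlet-user is a hypothetical placeholder and must match a role defined in the realm the container is configured to use.

```xml
<web-app>
  <!-- Servlet declaration and mapping carry no security elements. -->
  <servlet>
    <servlet-name>IsItWorking</servlet-name>
    <servlet-class>IsItWorking</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>IsItWorking</servlet-name>
    <url-pattern>/servlet/IsItWorking</url-pattern>
  </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>IsItWorking</web-resource-name>
      <url-pattern>/servlet/IsItWorking</url-pattern>
      <!-- No http-method elements: the constraint then covers every HTTP
           method. Listing only some methods leaves the others unprotected. -->
    </web-resource-collection>
    <!-- Names the role allowed to reach the resource. With no
         auth-constraint the container serves the request without asking
         for credentials, so getRemoteUser() returns null.
         "servlet-user" is a hypothetical role name. -->
    <auth-constraint>
      <role-name>servlet-user</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Exactly one login-config per web.xml, a direct child of web-app,
       never nested inside security-constraint or servlet-mapping. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>timasta</realm-name>
  </login-config>

  <!-- Declares the role referenced by the auth-constraint above. -->
  <security-role>
    <role-name>servlet-user</role-name>
  </security-role>
</web-app>
```

BASIC sends the user name and password base64-encoded, not encrypted, on every request, so a deployment would normally also add a user-data-constraint with transport-guarantee CONFIDENTIAL to the security-constraint to force the protected URL onto TLS.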
