Thanks for pointing it out.
----- Original Message -----
From: "Boyce, David" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 27, 2001 10:29 AM
Subject: RE: How to set access restriction to servlets in tomcat?
>
>
> Also, the <login-config> elements in the sample aren't properly closed
with
> a </login-config>. The / is missing.
>
> -dsb
>
> -----Original Message-----
> From: JULIEN,TIMOTHY (HP-NewJersey,ex2) [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 27, 2001 11:01 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: How to set access restriction to servlets in tomcat?
>
>
> The login-config element should occur only once in your whole web.xml, and
> it should be on its own - not part of other elements. Sorry I didn't make
> this clear.
>
> Also, you may have to configure Apache to do BASIC authentication - but
I'm
> not sure.
>
> Tim
>
> -----Original Message-----
> From: Xiaofeng Chen [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 27, 2001 10:26 AM
> To: [EMAIL PROTECTED]
> Subject: Re: How to set access restriction to servlets in tomcat?
>
>
> I added the <auth-method> tag in web.xml and restarted tomcat and apache.
> It
> still doesn't work.
> The following is my settings in web.xml. Do you think there are other
> things
> we need to do? Thanks.
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>IsItWorking</web-resource-name>
> <url-patterl>/servlet/IsItWorking</url-pattern>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>timasta</realm-name>
> <login-config>
> </web-resource-collection>
> </security-constraint>
>
> <servlet-mapping>
> <url-pattern>/servlet/IsItWorking</url-pattern>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>timasta</realm-name>
> <login-config>
> <servlet-name>IsItWorking</servlet-name>
> </servlet-mapping>
>
> <servlet>
> <servlet-name>IsItWorking</servlet-name>
> <servlet-class>IsItWorking</servlet-class>
> </servlet>
>
>
> ----- Original Message -----
> From: "JULIEN,TIMOTHY (HP-NewJersey,ex2)" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, April 27, 2001 2:31 AM
> Subject: RE: How to set access restriction to servlets in tomcat?
>
>
> >
> >
> > one piece I left out -
> >
> > you also need to tell your app how to authenticate.
> > (Although, I am surprised Tomcat gave you access to a protected
resource)
> > (i.e., how to get user credentials, in order to determine if they have
> > access)
> >
> > There are 4 types of authentication:
> >
> > <login-config>
> > <auth-method>BASIC</auth-method> <!-- optional -->
> > <realm-name>timasta</realm-name> <!-- optional -->
> > </login-config>
> >
> > authenticates using BASIC - popup dialog boxes.
> >
> >
> > <login-config>
> > <auth-method>CLIENT-CERT</auth-method> <!-- optional -->
> > </login-config>
> >
> > authenticates using a certificate, X509. Usually found in a header.
> >
> > <login-config>
> > <auth-method>FORM</auth-method> <!-- optional -->
> > <form-login-config> <!-- optional -->
> > <form-login-page>/login.jsp</form-login-page>
> > <form-error-page>/error.jsp</form-error-page>
> > </form-login-config>
> > </login-config>
> >
> > authenticates using forms. This works in conjunction with a page,
> > login.jsp, which has a form with fields j_username and j_password and
> > action
> > j_security_check.
> >
> > the final type is DIGEST, but i don't know if Tomcat supports this, as
it
> > is
> > not required.
> >
> > Tim Julien
> > HP Middleware
> >
> > -----Original Message-----
> > From: Xiaofeng Chen [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, April 26, 2001 5:49 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: How to set access restriction to servlets in tomcat?
> >
> >
> > Hi, Tim: Thank you for your reply. I followed your instruction and
edited
> > the web.xml like the following:
> > <security-constraint>
> > <web-resource-collection>
> > <web-resource-name>IsItWorking</web-resource-name>
> > <url-pattern>/servlet/IsItWorking</url-pattern>
> > </web-resource-collection>
> > </security-constraint>
> >
> > <servlet-mapping>
> > <url-pattern>/servlet/IsItWorking</url-pattern>
> > <servlet-name>IsItWorking</servlet-name>
> > </servlet-mapping>
> >
> > <servlet>
> > <servlet-name>IsItWorking</servlet-name>
> > <servlet-class>IsItWorking</servlet-class>
> > </servlet>
> >
> > I have the testing servlet IsItWorking in the
> > $TOMCAT_HOME/webapps/WEB-INF/classes directory. But
> > when I tried to access the servlet, there is no loggin prompt for me, I
> > just
> > get the page right away. Do you see anything
> > wrong with my settings in the web.xml. Thanks for your help.
> >
> >
> > ----- Original Message -----
> > From: "JULIEN,TIMOTHY (HP-NewJersey,ex2)" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, April 26, 2001 10:18 AM
> > Subject: RE: How to set access restriction to servlets in tomcat?
> >
> >
> >
> >
> >
> > use the security-constraint element in web.xml:
> >
> > <security-constraint>
> > <web-resource-collection>
> > <web-resource-name>Secure Servlets</web-resource-name>
> > <url-pattern>/main/secure</url-pattern>
> > </web-resource-collection>
> > </security-constraint>
> >
> > <servlet-mapping>
> > <url-pattern>/main/secure</url-pattern>
> > <servlet-name>main servlet</servlet-name>
> > </servlet-mapping>
> >
> > <servlet>
> > <servlet-name>main servlet</servlet-name>
> > <servlet-class>org.foo.Servlet</servlet-class>
> > </servlet>
> >
> > Tim Julien
> > HP Middleware
> >
> > -----Original Message-----
> > From: Xiaofeng Chen [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, April 26, 2001 11:05 AM
> > To: [EMAIL PROTECTED]
> > Subject: How to set access restriction to servlets in tomcat?
> >
> >
> > Could someone drop me any hints about how to set access restriction to
> > servlets, please?
> > One of my servlets needs to get the user name using
> request.getRemoteUser
> > () method.
> > Can we set access restriction to servlets in Tomcat?
> >
> > Thanks for you help!
> >
>
