Re: webdav over SSL with http-auth?

Mon, 11 Mar 2002 16:24:59 -0800 

It turned out that the problem fixed itself when I restarted tomcat. ugh.

On Mon, Mar 11, 2002 at 12:54:52PM -0800, Aditya wrote:
> I'm trying to allow users to upload their files to their context via webdav on
> a Tomcat 4.0.2 server over SSL and with auth-constraints on who can upload
> stuff (I've tried it without auth-constraints and it works as expected). I've
> followed the basic template offered at:
> 
>   http://www.jguru.com/faq/view.jsp?EID=544213
> 
> Unfortunately, Tomcat doesn't seem to be requiring the webdav client to
> present the http auth login prompt. I've tried logging in as:
> 
>   https://username:password@server/context
> 
> and that seems not to make a difference. If I try to PUT a file (this is with
> the cadaver client) I get a 302 error instead of a 403 as I would expect:
> 
> dav:/blah/> put foo.html
> Uploading foo.html to `/blah/foo.html':
> Progress: [=============================>] 100.0% of 255 bytes failed:
> 302 Moved Temporarily
> 
> My auth config in the context web.xml looks like the following:
> 
>     <security-constraint>
>       <web-resource-collection>
>          <web-resource-name>The Entire Web</web-resource-name>
>          <url-pattern>/*</url-pattern>
>          <http-method>COPY</http-method>
>          <http-method>DELETE</http-method>
>          <http-method>MOVE</http-method>
>          <http-method>POST</http-method>
>          <http-method>PUT</http-method>
>          <http-method>LOCK</http-method>
>       </web-resource-collection>
>       <auth-constraint>
>          <role-name>manager</role-name>
>       </auth-constraint>
>     </security-constraint>
> 
>   <login-config>
>     <auth-method>BASIC</auth-method>
>     <realm-name>Blah realm</realm-name>
>   </login-config>
> 
>   <security-role>
>    <description>An example role defined in a JNDI realm</description>
>     <role-name>manager</role-name>
>   </security-role>
> 
> does anyone have any hints on what I might be doing wrong?
> 
> Thanks,
> Adi
> 
> --
> To unsubscribe:   <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>
> 

--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>

Reply via email to