Version: Tomcat 4.1.12 on Solaris 8

I'm trying to configure the WebDAV application included in the Tomcat 4.1.12 distribution so that it requires a login to add or remove files but not to view them.

If I use the web.xml security-constraint contained in the distribution --

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>The Entire Web Application</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>tomcat</role-name>
      </auth-constraint>
    </security-constraint>

-- then all attempts to access the content, including a simple browser request for <http://localhost:8080/webdav/> require a login.

I thought I could password protect only adding and removing files by adding <http-method> for PUT and DELETE as shown below --

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>The Entire Web Application</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>tomcat</role-name>
      </auth-constraint>
    </security-constraint>

-- but, if I do that, I seem to be able to add and remove files using my WebDAV client (Web Folders on Windows XP) without authenticating.

I can't help but think that I'm missing something obvious. Can anyone help?

Thanks in advance.

--Jim

==================================
Jim Coble
Senior Technology Specialist
Center for Instructional Technology
Email: [EMAIL PROTECTED]
Voice: 919-660-5974
Fax: 919-660-5923
Box 90198, Duke University
Durham, NC 27708-0198
==================================
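
Added example, not part of the original message and not Tomcat code: a Python check that reads security-constraint elements and lists the WebDAV write methods that no auth-constraint covers for a URL pattern. It relies on the servlet rule that a web-resource-collection with http-method elements applies only to the listed methods. The function name and the choice of "write" methods (PUT, DELETE and the RFC 2518 methods that modify resources) are assumptions of this example; it shows what each constraint covers and does not diagnose the behaviour reported above.

```python
import xml.etree.ElementTree as ET

# Methods treated as "write" operations here: PUT, DELETE and the RFC 2518
# methods that modify resources. This set is an assumption of the example.
WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "COPY", "MOVE",
                 "PROPPATCH", "LOCK", "UNLOCK"}

def uncovered_write_methods(fragment, url_pattern="/*"):
    """Return sorted write methods that no auth-constraint covers for url_pattern.

    `fragment` is one or more <security-constraint> elements (no namespace,
    as in a DTD-based web.xml). Only exact url-pattern matches are compared.
    """
    root = ET.fromstring("<web-app>" + fragment + "</web-app>")
    covered = set()
    for sc in root.iter("security-constraint"):
        if sc.find("auth-constraint") is None:
            continue  # no auth-constraint: this constraint demands no login
        for wrc in sc.iter("web-resource-collection"):
            patterns = {p.text.strip() for p in wrc.iter("url-pattern")}
            if url_pattern not in patterns:
                continue
            methods = {m.text.strip().upper() for m in wrc.iter("http-method")}
            if not methods:
                return []  # no http-method listed: every method is covered
            covered |= methods
    return sorted(WRITE_METHODS - covered)

# The two constraints quoted in the message, copied as test input.
DIST_CONSTRAINT = """<security-constraint><web-resource-collection>
<web-resource-name>The Entire Web Application</web-resource-name>
<url-pattern>/*</url-pattern></web-resource-collection>
<auth-constraint><role-name>tomcat</role-name></auth-constraint>
</security-constraint>"""

METHOD_CONSTRAINT = """<security-constraint><web-resource-collection>
<web-resource-name>The Entire Web Application</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method><http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint><role-name>tomcat</role-name></auth-constraint>
</security-constraint>"""

if __name__ == "__main__":
    print("distribution constraint:", uncovered_write_methods(DIST_CONSTRAINT))
    print("PUT/DELETE constraint:  ", uncovered_write_methods(METHOD_CONSTRAINT))
```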