This was exactly my problem, I moved the security constraint out of the server.xml file and put it into the web.xml for the web app and it magically started working:-) The only problem I have now is that I can't do a blanket url-mapping like
<url-mapping>/*</url-mapping> or <url-mapping>/IpnDownload/*</url-mapping> These cause the XML parser to bomb and the web app fails to load, if I specify <url-mapping>/*.jsp</url-mapping>, all is good with the world. However I want to protect everything so I was looking for a shortcut, which I see references to on the net. Thanks for the response. You have been deemed "a most knowledgeable and esteemed person", don't forget to add that to your resume! :-) Ed On Tue, 2003-01-21 at 20:00, mwm wrote: > I had a look through your config stuff and it looked fairly similar to mine. > (Which is the only one I've configured - though it's form-based. Oh, and > working.) > I did have a <realm-name> entry, in login-config I think, but that didn't > look like enough to cause a problem. > > One thing has just occurred to me, though: you seem to have everything in > server.xml? I've got the realm defined there but my security-constraint / > login-config etc. are all in web.xml. Might be worth a shot (in the absence > of any other replies).... > > Mike. > > > ----- Original Message ----- > From: "Ed Robbins" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Tuesday, January 21, 2003 4:25 PM > Subject: JDBC authentication > > > Ok, bear with me. This is my first attempt at configuring Tomcat for > any type of authentication. I've configured a host with a JDBCRealm to > use a Sybase database for authentication. I added a security > constraint, login-config and a security role, however when I point my > browser to the URL, I don't see that little password box I'm so anxious > to see. The relavant config snippets are below, anyone who can put me > on the path to enlightenment would be deemed "a most knowledgeable and > esteemed person" in my eyes :-) > > > Ed > > > > <Context className="org.apache.catalina.core.StandardContext" > cachingAllowed="true" > charsetMapperClass="org.apache.catalina.util.CharsetMapper" > cookies="true" crossContext="true" debug="2" > docBase="/home/httpd/htdocs/erobbins/robbinsapps/IpnDownload" > mapperClass="org.apache.catalina.core.StandardContextMapper" > path="/IpnDownload" privileged="false" reloadable="true" > swallowOutput="false" useNaming="false" > wrapperClass="org.apache.catalina.core.StandardWrapper"> > > <Realm className="org.apache.catalina.realm.JDBCRealm" > connectionName="xxxxxxx" connectionPassword="xxxxxxx" > connectionURL="jdbc:sybase:Tds:xxxxxxxxxxxxxxxxxx:1234" debug="2" > driverName="com.sybase.jdbc2.jdbc.SybDriver" roleNameCol="role_name" > userCredCol="user_pass" userNameCol="user_name" > userRoleTable="user_roles" userTable="user_names" validate="true"/> > > <security-constraint> > <web-resource-collection> > <web-resource-name>IpnDownload</web-resource-name> > <description>Download location for Ipn web > apps</description> > <url-pattern>/IpnDownload/*</url-pattern> > <url-pattern>*</url-pattern> > </web-resource-collection> > <auth-constraint> > <description>These are the roles who have > access</description> > <role-name>download</role-name> > </auth-constraint> > </security-constraint> > <login-config> > <auth-method>BASIC</auth-method> > </login-config> > <security-role> > <description>Download role</description> > <role-name>download</role-name> > </security-role> > </Context> > > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- Ed Robbins <[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>