I've configured Tomcat 4.1.18 on RH Linux 8 server. Then I need some authentication for certain
directories under webapps. So I configured server.xml, web.xml and tomcat-users.xml creating a
role and its username with password. It works only for individual file with an extension name. But
never work for a directory. As you see following code, it pops up basic authentication window for
all *.doc files, but does not work for files under /document directory. Anyone had the same experience?
===== web.xml =======
<security-constraint>
<display-name>Security Check</display-name>
<web-resource-collection>
<web-resource-name>Basic Authentication</web-resource-name>
<url-pattern>*.doc</url-pattern>
<url-pattern>/document/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>tom</role-name>
</auth-constraint>
</security-constraint> <login-config>
<auth-method>BASIC</auth-method>
<realm-name>Doc Authentication</realm-name>
</login-config> <security-role>
<role-name>tom</role-name>
</security-role>
====== tomcat-users.xml =========
<tomcat-users>
<role rolename="tom" />
<role rolename="role1" />
<user name="tomcat" password="tomcat" roles="tom" />
<user name="role1" password="tomcat" roles="role1" />
<user name="both" password="tomcat" roles="tom,role1" />
</tomcat-users>--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
