Re: Basic Authentication not work for directory

[Daniel Zhang]

As you see in my web.xml file, I've already put /document/* as a 
url-pattern(<url-pattern>/document/*</url-pattern>),  the question is
under /document  directory, there are some other types of file like 
*.pdf, *.txt which need to be protected. I also have these types of file
in other directory which need to be public. So if I put *.doc, it will 
block all doc files.

BTW, /document/*.doc never work. You still can get doc file under 
document without authentication window pop-up. The only way to block doc 
file is to put *.doc between <url-pattern> and </url-pattern>. It is not 
right as what  many tomcat documents state, is it?

-Daniel
Abid Ali Teepo wrote:
try /document/* as the url-pattern or /document/*.doc if you want the .doc files under /document to be protected ...

-----Original Message-----
From: Daniel Zhang [mailto:[EMAIL PROTECTED]
Sent: 22. juli 2003 14:48
To: Tomcat Users List
Subject: Basic Authentication not work for directory
Hi, all -

I've configured Tomcat 4.1.18 on RH Linux 8 server.  Then I need some 
authentication for certain
directories under webapps. So I configured server.xml, web.xml and 
tomcat-users.xml creating a
role and its username with password. It works only for individual file 
with an extension name. But
never work for a directory. As you see  following code, it pops up basic 
authentication window for
all *.doc files, but does not work for files under /document directory. 
Anyone had the same experience?

===== web.xml =======
<security-constraint>
       <display-name>Security Check</display-name>
       <web-resource-collection>
           <web-resource-name>Basic Authentication</web-resource-name>
           <url-pattern>*.doc</url-pattern>
           <url-pattern>/document/*</url-pattern>
           <http-method>GET</http-method>
           <http-method>POST</http-method>
           <http-method>HEAD</http-method>
           <http-method>PUT</http-method>
       </web-resource-collection>
       <auth-constraint>
           <role-name>tom</role-name>
       </auth-constraint>
   </security-constraint>
   <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>Doc Authentication</realm-name>
   </login-config>
   <security-role>
       <role-name>tom</role-name>
   </security-role>
====== tomcat-users.xml =========
<tomcat-users>
 <role rolename="tom" />
 <role rolename="role1" />
  <user name="tomcat" password="tomcat" roles="tom" />
 <user name="role1"  password="tomcat" roles="role1"  />
 <user name="both"   password="tomcat" roles="tom,role1" />
 </tomcat-users>
 



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]