> From: cgswtsu78 [mailto:cg...@proofpoint.com]
> Subject: Best Basic Auth Approach
>
> I've seen some of the tomcat basic auth examples on the web
> and all of them hardcode a user id/password for a role in the
> tomcat-users.xml file.

Stop there, and read the Tomcat doc on the subject:
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html

Note especially the following:
"MemoryRealm is a simple demonstration implementation of the Tomcat 6 Realm interface. It is not designed for production use."

Choose a more appropriate <Realm> for your environment, and configure that.

> My setup is that any request to my java based tomcat app goes through
> apache and then mod_jk routes it over to tomcat.

httpd should be setting a flag indicating the user has been authenticated.

 - Chuck
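
The two options named in the reply above, as an added example that is not part of the original thread or of the Tomcat documentation: a `server.xml` fragment that replaces the demonstration realm with a `DataSourceRealm`, and an AJP connector that accepts the user httpd has already authenticated. The JNDI name, table and column names, ports and the loopback bind address are assumptions.

```xml
<!-- conf/server.xml (fragment). Added example; names and ports are assumed. -->

<!-- Before: demonstration realm, users and passwords in conf/tomcat-users.xml -->
<!--
<Realm className="org.apache.catalina.realm.MemoryRealm" />
-->

<!-- After: users and roles are looked up in a database through a JNDI
     DataSource, so no credentials are kept in tomcat-users.xml.
     "jdbc/authDB" must be defined as a Resource elsewhere in the config. -->
<Realm className="org.apache.catalina.realm.DataSourceRealm"
       dataSourceName="jdbc/authDB"
       userTable="users" userNameCol="user_name" userCredCol="user_pass"
       userRoleTable="user_roles" roleNameCol="role_name" />

<!-- AJP connector that mod_jk talks to.
     tomcatAuthentication="false": Tomcat takes the authenticated user from
     httpd (exposed as request.getRemoteUser()) instead of authenticating
     the request itself.
     address="127.0.0.1": only the local httpd can reach the connector.
     With this setting Tomcat trusts whatever user name arrives over AJP,
     so the port must not be reachable by anything except httpd. -->
<Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
           redirectPort="8443" tomcatAuthentication="false" />
```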