RE: Basic Authentication Valve not hitting on Tomcat7.0.20

Thu, 16 Feb 2012 11:28:44 -0800 

I have that in the server.xml still no luck
<security-constraint>
      <display-name>Security Constraint</display-name>
      <web-resource-collection>
          <web-resource-name>secure</web-resource-name>
         <web-resource-name>Restricted Access - Get Only</web-resource-name>
         <!-- Define the context-relative URL(s) to be protected -->
         <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area -->
         <role-name>role1</role-name>
      </auth-constraint>
    </security-constraint>

    <!-- Default login configuration uses form-based authentication -->
   <login-config>
      <auth-method>BASIC</auth-method> 
      <realm-name>Management Reports</realm-name>
                        <form-login-config>
                           <form-login-page>/index.jsp</form-login-page>
                           <form-error-page>/errorpage.jsp</form-error-page>
                        </form-login-config>                                    
                         
    </login-config>

-----Original Message-----
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] 
Sent: Thursday, February 16, 2012 1:59 PM
To: Tomcat Users List
Subject: Re: Basic Authentication Valve not hitting on Tomcat7.0.20

2012/2/16 Christopher Schultz <ch...@christopherschultz.net>:
>
> On 2/16/12 8:26 AM, Sachin Mehrotra wrote:
>> <login-config> <auth-method>BASIC</auth-method> <realm-name>My App 
>> Realm</realm-name> </login-config>
>
> I believe if you set <auth-method> to BASIC, Tomcat will add its own 
> Valve to the valve chain. If you don't set the <auth-method> here but 
> still add your <Valve> to context.xml, does that improve things?
>

IIRC Tomcat would not add Authenticator valve if one is already there, so this 
tip is useless.

Anyway you can always run Tomcat under debugger (see FAQ ->
Development) and see what really is going on.

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to