Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Basic Authentication Problem

 
Murat Balkan
Ranch Hand
Posts: 127
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I need to use basic authentication in my servlet application. I added
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
lines in the web.xml file. But browser does not trigger the basic authentication.(I am using Tomcat container)
Wheres the problem?
Thanks
Murat
 
Ko Ko Naing
Ranch Hand
Posts: 3178
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It may be the one that is needed in your web.xml... Instead of realm-name "sales", you may modify it to suit your requirement...
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>sales</realm-name>
</login-config>
Hope it helps...
 
Murat Balkan
Ranch Hand
Posts: 127
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I added realm element but still the same . It does not prompt for password.
This is a Tomcat problem??
 
Ko Ko Naing
Ranch Hand
Posts: 3178
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Have u set up the web-resource-collection element to specify the protected resources and the http-method to apply on them? Related to Tomcat, u will need to set up the users' names and passwords in <tomcat-root>\conf\tomcat-users.xml...
Hope it is helpful....
 
Murat Balkan
Ranch Hand
Posts: 127
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have users in my tomcat-users.xml file associated with roles. Still nothing
 
Ko Ko Naing
Ranch Hand
Posts: 3178
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Murat Balkan:
I have users in my tomcat-users.xml file associated with roles. Still nothing

Does it mean that the browser can access the resource directly, without needing to login? Or does it give any error something like error code - 200?
 
Jayson Falkner
Author
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here is an example from the book:
<security-constraint>
<web-resource-collection>
<web-resource-name>SecuredBookSite</web-resource-name>
<url-pattern>/secured/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Reader</role-name>
</auth-constraint>
</security-constraint>
The url-pattern element specifies what part of your webapp has the security applied to it. The http-method elements specify what types of HTTP actions are restricted. And the role-name specifies the role that should map to your username/password setup.
Try out the above, of course tweak the URL pattern to match whatever you are testing.
 
Ko Ko Naing
Ranch Hand
Posts: 3178
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yeah, Mr.Jayson, I think Murat forget to specify which Http-method to be protected in the deployment descriptor... But if I am not wrong, all of Http-methods will be blocked, if none is specified in that <http-method>... So even Murat does not specify any Http-method, the web resource under <url-pattern> will automatically be inaccessible from normal users... Isn't it?
Looking forward to hear the great explanation.... THank you...
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic