aspose file tools*
The moose likes Servlets and the fly likes Basic Authentication Problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Basic Authentication Problem" Watch "Basic Authentication Problem" New topic
Author

Basic Authentication Problem

Murat Balkan
Ranch Hand

Joined: Sep 10, 2002
Posts: 127
Hi,
I need to use basic authentication in my servlet application. I added
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
lines in the web.xml file. But browser does not trigger the basic authentication.(I am using Tomcat container)
Wheres the problem?
Thanks
Murat
Ko Ko Naing
Ranch Hand

Joined: Jun 08, 2002
Posts: 3178
It may be the one that is needed in your web.xml... Instead of realm-name "sales", you may modify it to suit your requirement...
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>sales</realm-name>
</login-config>
Hope it helps...


Co-author of SCMAD Exam Guide, Author of JMADPlus
SCJP1.2, CCNA, SCWCD1.4, SCBCD1.3, SCMAD1.0, SCJA1.0, SCJP6.0
Murat Balkan
Ranch Hand

Joined: Sep 10, 2002
Posts: 127
Hi,
I added realm element but still the same . It does not prompt for password.
This is a Tomcat problem??
Ko Ko Naing
Ranch Hand

Joined: Jun 08, 2002
Posts: 3178
Have u set up the web-resource-collection element to specify the protected resources and the http-method to apply on them? Related to Tomcat, u will need to set up the users' names and passwords in <tomcat-root>\conf\tomcat-users.xml...
Hope it is helpful....
Murat Balkan
Ranch Hand

Joined: Sep 10, 2002
Posts: 127
I have users in my tomcat-users.xml file associated with roles. Still nothing
Ko Ko Naing
Ranch Hand

Joined: Jun 08, 2002
Posts: 3178
Originally posted by Murat Balkan:
I have users in my tomcat-users.xml file associated with roles. Still nothing

Does it mean that the browser can access the resource directly, without needing to login? Or does it give any error something like error code - 200?
Jayson Falkner
Author
Ranch Hand

Joined: May 07, 2001
Posts: 57
Here is an example from the book:
<security-constraint>
<web-resource-collection>
<web-resource-name>SecuredBookSite</web-resource-name>
<url-pattern>/secured/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Reader</role-name>
</auth-constraint>
</security-constraint>
The url-pattern element specifies what part of your webapp has the security applied to it. The http-method elements specify what types of HTTP actions are restricted. And the role-name specifies the role that should map to your username/password setup.
Try out the above, of course tweak the URL pattern to match whatever you are testing.


Jayson Falkner<br />jayson@jspinsider.com<br />Author of <a href="http://www.jspbook.com" target="_blank" rel="nofollow">Servlets and JavaServer Pages; the J2EE Web Tier</a>
Ko Ko Naing
Ranch Hand

Joined: Jun 08, 2002
Posts: 3178
Yeah, Mr.Jayson, I think Murat forget to specify which Http-method to be protected in the deployment descriptor... But if I am not wrong, all of Http-methods will be blocked, if none is specified in that <http-method>... So even Murat does not specify any Http-method, the web resource under <url-pattern> will automatically be inaccessible from normal users... Isn't it?
Looking forward to hear the great explanation.... THank you...
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Basic Authentication Problem
 
Similar Threads
Unable to get Authentication popup window
Urgent please -Security setting in Jsp
Regarding Authentication!!!!
Unable to get authentication and authorization working.
j_security_check 404 error