Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

BASIC authenication trouble

 
John Eric Hamacher
Ranch Hand
Posts: 230
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello:

I am trying to set up BASIC authentication on a servlet on OAS 10.1.3.1. I want to constrain every method of access to the servlet. I have created a realm through the Security Providers. Here are my web.xml:

<security-constraint>
<web-resource-collection>
<web-resource-name>CodeReloading</web-resource-name>
<url-pattern>/codereloadservlet</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>DELETE</http-method>
<http-method>TRACE</http-method>
<http-method>HEAD</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>codereloadrole</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>codereloadrole</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>codereload</realm-name>
</login-config>

My realm ("codereload") has one role, "codereloadrole" and one user "user1" (password: "pass1") and the user is attached to the role. I get the popup login box when going to the servlet but user1/pass1 does not work. Am I missing some bit of configuration?

Thanks
Eric
 
John Eric Hamacher
Ranch Hand
Posts: 230
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I figured out the problem . . . when using a custom realm you must prefix the user with the realm name e.g. codereload/user1. but now I get



BASIC authentication is supposed to be easier than this! Does anybody know what this means?

Thanks
Eric
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic