• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Basic Auth login box

 
Ranch Hand
Posts: 362
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am using tomcat and I have defined the auth type as BASIC in my web.xml.I want to display the basic auth login box when the user access the particular URL and my servlet filter handles the passed in user id and password to authenticate the user. Am not getting the login box when I access the URL...is there any config am missing?
[ January 16, 2008: Message edited by: Mary Cole ]
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You could post the relevant section of the web.xml, and the URL you are accessing. Do you have all 3 of security-constraint, security-role and login-config elements?
 
Mary Cole
Ranch Hand
Posts: 362
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This is how my web.xml looks




I don't have any roles to check currently. whenever I access Sample page , it should open the login box and when I entere the credentials and submit, the request should be filtered by my Servlet filter where I do the authentication and if successful allow the user to hit the servlet or redirect back to 401 page.

Thanks in advance

[ January 16, 2008: Message edited by: Mary Cole ]

[ UD: added linebreaks to preserve layout ]
[ January 16, 2008: Message edited by: Ulf Dittmer ]
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There's your problem: there's no security-constraint element that specifies which URLs to protect. See here and here for some more detailed discussion.

You need to define users, passwords and roles in what Tomcat calls a Realm. Then Tomcat will do the rest - no servlet filter is required.

If for some reason the servlet-provided stuff is not sufficient, and you really need to roll your own, it gets a bit trickier.
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic