I am using tomcat and I have defined the auth type as BASIC in my web.xml.I want to display the basic auth login box when the user access the particular URL and my servlet filter handles the passed in user id and password to authenticate the user. Am not getting the login box when I access the URL...is there any config am missing? [ January 16, 2008: Message edited by: Mary Cole ]
I don't have any roles to check currently. whenever I access Sample page , it should open the login box and when I entere the credentials and submit, the request should be filtered by my Servlet filter where I do the authentication and if successful allow the user to hit the servlet or redirect back to 401 page.
Thanks in advance
[ January 16, 2008: Message edited by: Mary Cole ]
[ UD: added linebreaks to preserve layout ] [ January 16, 2008: Message edited by: Ulf Dittmer ]
Joined: Mar 22, 2005
There's your problem: there's no security-constraint element that specifies which URLs to protect. See here and here for some more detailed discussion.
You need to define users, passwords and roles in what Tomcat calls a Realm. Then Tomcat will do the rest - no servlet filter is required.
If for some reason the servlet-provided stuff is not sufficient, and you really need to roll your own, it gets a bit trickier.