File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Tomcat and the fly likes Basic Auth login box Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Basic Auth login box" Watch "Basic Auth login box" New topic
Author

Basic Auth login box

Mary Cole
Ranch Hand

Joined: Dec 02, 2000
Posts: 362
Hi,

I am using tomcat and I have defined the auth type as BASIC in my web.xml.I want to display the basic auth login box when the user access the particular URL and my servlet filter handles the passed in user id and password to authenticate the user. Am not getting the login box when I access the URL...is there any config am missing?
[ January 16, 2008: Message edited by: Mary Cole ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42374
    
  64
You could post the relevant section of the web.xml, and the URL you are accessing. Do you have all 3 of security-constraint, security-role and login-config elements?


Ping & DNS - my free Android networking tools app
Mary Cole
Ranch Hand

Joined: Dec 02, 2000
Posts: 362
This is how my web.xml looks




I don't have any roles to check currently. whenever I access Sample page , it should open the login box and when I entere the credentials and submit, the request should be filtered by my Servlet filter where I do the authentication and if successful allow the user to hit the servlet or redirect back to 401 page.

Thanks in advance

[ January 16, 2008: Message edited by: Mary Cole ]

[ UD: added linebreaks to preserve layout ]
[ January 16, 2008: Message edited by: Ulf Dittmer ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42374
    
  64
There's your problem: there's no security-constraint element that specifies which URLs to protect. See here and here for some more detailed discussion.

You need to define users, passwords and roles in what Tomcat calls a Realm. Then Tomcat will do the rest - no servlet filter is required.

If for some reason the servlet-provided stuff is not sufficient, and you really need to roll your own, it gets a bit trickier.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Basic Auth login box