aspose file tools*
The moose likes Tomcat and the fly likes Basic Auth login box Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Basic Auth login box" Watch "Basic Auth login box" New topic
Author

Basic Auth login box

Mary Cole
Ranch Hand

Joined: Dec 02, 2000
Posts: 362
Hi,

I am using tomcat and I have defined the auth type as BASIC in my web.xml.I want to display the basic auth login box when the user access the particular URL and my servlet filter handles the passed in user id and password to authenticate the user. Am not getting the login box when I access the URL...is there any config am missing?
[ January 16, 2008: Message edited by: Mary Cole ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39548
    
  27
You could post the relevant section of the web.xml, and the URL you are accessing. Do you have all 3 of security-constraint, security-role and login-config elements?


Ping & DNS - updated with new look and Ping home screen widget
Mary Cole
Ranch Hand

Joined: Dec 02, 2000
Posts: 362
This is how my web.xml looks




I don't have any roles to check currently. whenever I access Sample page , it should open the login box and when I entere the credentials and submit, the request should be filtered by my Servlet filter where I do the authentication and if successful allow the user to hit the servlet or redirect back to 401 page.

Thanks in advance

[ January 16, 2008: Message edited by: Mary Cole ]

[ UD: added linebreaks to preserve layout ]
[ January 16, 2008: Message edited by: Ulf Dittmer ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39548
    
  27
There's your problem: there's no security-constraint element that specifies which URLs to protect. See here and here for some more detailed discussion.

You need to define users, passwords and roles in what Tomcat calls a Realm. Then Tomcat will do the rest - no servlet filter is required.

If for some reason the servlet-provided stuff is not sufficient, and you really need to roll your own, it gets a bit trickier.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Basic Auth login box
 
Similar Threads
SSO for app
BASIC authenication trouble
how to force user to login again when the session timed out
Redirect to the requested page failed using form-based authentication
Can we have multiple login forms in spring security?