[wplug] Tomcat5 question basic-auth
Shawn Maceno
smaceno at Accessdc.com
Wed Jun 8 08:00:26 EDT 2005
I'm using Tomcat 5 and am trying to configure basic authentication on a
web-app to prevent the site from being open to the public. I have auth
working. The first page brought up is http://www.mysite.com/login.html,
which prompts you to log in, and upon successful login, the next page
brought up is https://www.mysite.com/login.do. Again, you're prompted
for the basic-auth by Tomcat. Does anyone have any ideas on how to
prevent the second log on?
BTW, login.html contains the following html redirect:
<meta http-equiv="REFRESH" content="0;url=logon.do"></HEAD>
and the web.xml for the web-app contains the following auth information
<resource-env-ref>
<description>
Link to the UserDatabase instance from which we request lists of
defined role names. Typically, this will be connected to the
global
user database with a ResourceLink element in server.xml or the
context
configuration file for the Manager web application.
</description>
<resource-env-ref-name>users</resource-env-ref-name>
<resource-env-ref-type>
org.apache.catalina.UserDatabase
</resource-env-ref-type>
</resource-env-ref>
<security-constraint>
<display-name>Site Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.do</url-pattern>
<url-pattern>*.html</url-pattern>
<url-pattern>*.htm</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Site</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Site Application</realm-name>
</login-config>
<security-role>
<description>
The role that is required to log in to the Site Application
</description>
<role-name>Site</role-name>
</security-role>
Thanks for any help!
Shawn Maceno
More information about the wplug
mailing list