[wplug] Tomcat5 question basic-auth

Carl Trusiak carl_trusiak at hotmail.com
Wed Jun 8 10:10:07 EDT 2005


This looks more to me to be a Browser problem and not a Tomcat problem.  The 
browser isn't return the Auth header with the redirct.  This could be caused 
by the change from http to https protocol.  I've also see information where 
changing from http://mysite.com to http://www.mysite.com or to 
http://mysub.mysite.com will prevent the browser from sending the auth 
header.

How many html pages does the site have?  if this is the only one, remove the 
html patterns from the web.xml

Carl Trusiak

>From: Shawn Maceno <smaceno at accessdc.com>
>Reply-To: General user list <wplug at wplug.org>
>To: General user list <wplug at wplug.org>
>Subject: [wplug] Tomcat5 question basic-auth
>Date: Wed, 08 Jun 2005 08:00:26 -0400
>
>I'm using Tomcat 5 and am trying to configure basic authentication on a
>web-app to prevent the site from being open to the public.  I have auth
>working.  The first page brought up is http://www.mysite.com/login.html,
>which prompts you to log in, and upon successful login, the next page
>brought up is https://www.mysite.com/login.do.  Again, you're prompted
>for the basic-auth by Tomcat.  Does anyone have any ideas on how to
>prevent the second log on?
>
>BTW, login.html contains the following html redirect:
><meta http-equiv="REFRESH" content="0;url=logon.do"></HEAD>
>
>and the web.xml for the web-app contains the following auth information
>
><resource-env-ref>
>     <description>
>       Link to the UserDatabase instance from which we request lists of
>       defined role names.  Typically, this will be connected to the
>global
>       user database with a ResourceLink element in server.xml or the
>context
>       configuration file for the Manager web application.
>     </description>
>     <resource-env-ref-name>users</resource-env-ref-name>
>     <resource-env-ref-type>
>       org.apache.catalina.UserDatabase
>     </resource-env-ref-type>
>   </resource-env-ref>
>
>
>   <security-constraint>
>      <display-name>Site Security Constraint</display-name>
>      <web-resource-collection>
>           <web-resource-name>Protected Area</web-resource-name>
>           <url-pattern>*.jsp</url-pattern>
>           <url-pattern>*.do</url-pattern>
>           <url-pattern>*.html</url-pattern>
>           <url-pattern>*.htm</url-pattern>
>      </web-resource-collection>
>      <auth-constraint>
>        <role-name>Site</role-name>
>      </auth-constraint>
>   </security-constraint>
>
>
>  <login-config>
>     <auth-method>BASIC</auth-method>
>     <realm-name>Site Application</realm-name>
>   </login-config>
>
>
><security-role>
>     <description>
>       The role that is required to log in to the Site Application
>     </description>
>     <role-name>Site</role-name>
>   </security-role>
>
>
>
>Thanks for any help!
>
>Shawn Maceno
>_______________________________________________
>wplug mailing list
>wplug at wplug.org
>http://www.wplug.org/mailman/listinfo/wplug




More information about the wplug mailing list