security problem

Ranch Hand

Posts: 42

posted 22 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Hi,
Can someone help me out ?
deployment descriptor :
<servlet-mapping>
<servlet-name>SecuredServlet</servlet-name>
<url-pattern>/secured</url-pattern>
</servlet-mapping>

<security-constraint>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/secured</url-pattern>
<http-method>get</http-method>
<http-method>post</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
Nevertheless, my browser can reach SecuredServlet without any authentication, as if there is no security issued in the deployment descriptor

thanks

Mark Bensing

Ranch Hand

Posts: 40

posted 22 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Andrew,
What type of authentication are you using (BASIC, FORM)? Do you ever get prompted to log in or is it intermittent? I know that form-based authentication can be flaky with Tomcat 4.0.1 and it seems to work better with Tomcat 4.1.18; I haven't experimented with basic authentication.
Mark

With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.