Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

security problem

 
Andrew Collins
Ranch Hand
Posts: 42
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
Can someone help me out ?
deployment descriptor :
<servlet-mapping>
<servlet-name>SecuredServlet</servlet-name>
<url-pattern>/secured</url-pattern>
</servlet-mapping>

<security-constraint>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/secured</url-pattern>
<http-method>get</http-method>
<http-method>post</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
Nevertheless, my browser can reach SecuredServlet without any authentication, as if there is no security issued in the deployment descriptor
thanks
 
Mark Bensing
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Andrew,
What type of authentication are you using (BASIC, FORM)? Do you ever get prompted to log in or is it intermittent? I know that form-based authentication can be flaky with Tomcat 4.0.1 and it seems to work better with Tomcat 4.1.18; I haven't experimented with basic authentication.
Mark
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic