posted 18 years ago
Hi ranchers,
Is there anything else that needs to be done for authentication using DIGEST method.
I have a constrained resource with only Admin roles allowed to invoke GET requests. This works fine with 'BASIC' authentication method but when I change the method to DIGEST, it prohibits me to access the page throwing a HTTP 403 - Access denied.
The snippet from web.xml:
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>Admin</role-name>
<role-name>Member</role-name>
<role-name>Guest</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Resource1</web-resource-name>
<url-pattern>/MyELServlet.do</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>
</security-constraint>
Is there anything I am missing?
Please guide.
Thanks.