HI,
I am not able to run BASIC authentication with
tomcat and
Servlet , apps runing like there is no authentication.
i tried every possible way and searched most of links.
Can you guys help me about what am i missing/wrong in my stimulation ?
What i done so far:
1.update server.xml with memory realm.
2.update tomcat-user.xml for username,password & role.
3.add necessary tag in web,xml
4.also tried FORM authentication too but didn't work.
Pasting
1.Changes in server.xml
<!-- Comment out the old realm but leave here for now in case we
need to go back quickly -->
<Realm className="org.apache.catalina.realm.MemoryRealm" />
<!-- Replace the above Realm with one of the following to get a Realm
stored in a database and accessed via
JDBC -->
2.changes in tomcat-user.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="member"/>
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="pramod" password="pramod" roles="member"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/>
</tomcat-users>
3.web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- ==================================================================== -->
<!-- -->
<!-- CONFIDENTIAL - Copyright (c) 2005-2006, Webaroo Inc. -->
<!-- All Rights Reserved as an unpublished work. -->
<!-- -->
<!-- ==================================================================== -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
<servlet>
<servlet-name>firstcontroller</servlet-name>
<servlet-class>com.projects.controller.FirstServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>firstcontroller</servlet-name>
<url-pattern>/selection.do</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name> RSCPramodPawar </web-resource-name>
<url-pattern>/selection.do</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-contraint>
<role-name>member</role-name>
</auth-contraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Application</realm-name>
</login-config>
<security-role>
<description>
The role that is required to log in to the Manager Application
</description>
<role-name>member</role-name>
</security-role>
</web-app>
4.Code of Servlet : com/projects/controller/FirstServlet.java
package com.projects.controller;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.util.*;
public class FirstServlet extends HttpServlet
{
public void doGet (HttpServletRequest request,HttpServletResponse response)throws ServletException, IOException
{
String colorChoice = request.getParameter("color");
PrintWriter out = response.getWriter();
out.println("This is doGet method of FirstServlet and choice "+colorChoice);
}
public void doPost (HttpServletRequest request,HttpServletResponse response)throws ServletException, IOException
{
PrintWriter out = response.getWriter();
out.println("This is doPost method of FirstServlet");
}
}