BASIC authentication in Tomcat

[Bradley E. Rintoul]

Hello:

I'm having trouble getting BASIC authentication to work in Tomcat
using NetBeans as an IDE (maybe a irrelevant fact).

I have made the entries required in web.xml:

<security-constraint>
<web-resource-collection>
<web-resource-name>
SecurityPages
</web-resource-name>
<description>
Security Constraint /login
</description>
<url-pattern>
/add/*
</url-pattern>
<http-method>
POST
</http-method>
<http-method>
GET
</http-method>
</web-resource-collection>
<auth-constraint>
<description>
Only admin users
</description>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>
BASIC
</auth-method>
<realm-name>
This realm
</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>

And I have made an entry in tomcat-users.xml listing the username,
password and role I'd like to have access.

The dialog box pops up as expected when trying to access anything in
/add, but after entering the username and password, the dialog box
keeps popping up! I know BASIC is not encrypted well and yadda-yadda,
but I don't want to go about attempting FORM based authentication if I
can't get this to work.

Any ideas out there? If any more information is required, I would be
happy to supply it. Could it be my Mozilla browser not implementing
the actions correctly?

Thanks in advance...

 

[Bradley E. Rintoul]

Hello:

I'm having trouble getting BASIC authentication to work in Tomcat
using NetBeans as an IDE (maybe a irrelevant fact).

As it turns out, the fact that I was using the internal Tomcat server
installation did have an effect here. I was modifying the *wrong*
tomcat-users.xml file! The server had two directories listed in its
properties - a "base" directory and a "home" directory. I was
modifying the file in "home" when "base" should have been modified. I
figured this out after I noticed no logs were being created where they
should have been... Dang!