Authentication without authorization in tomcat 5.5

S

sunilp

I am using Apache Tomcat 5.5.
I am trying to use Tomcat container security for authentication.

I do not want authorization. Every authenticated user should be able
to access all resources.

I tried this..
web.xml
--------
<!-- Define a security constraint on this application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- This role is not in the default user directory -->
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Tomcat Manager Application</realm-name>
</login-config>

Now when i try to access the page, i get
"HTTP Status 403 - Access to the requested resource has been denied"

I have to specify <security-role> to make this work.

Is it possible to do only authentication and no authorization with
tomcat container security?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top