Authentication without authorization in tomcat 5.5



I am using Apache Tomcat 5.5.
I am trying to use Tomcat container security for authentication.

I do not want authorization. Every authenticated user should be able
to access all resources.

I tried this..
<!-- Define a security constraint on this application -->
<web-resource-name>Entire Application</web-resource-name>
<!-- This role is not in the default user directory -->
<realm-name>Tomcat Manager Application</realm-name>

Now when i try to access the page, i get
"HTTP Status 403 - Access to the requested resource has been denied"

I have to specify <security-role> to make this work.

Is it possible to do only authentication and no authorization with
tomcat container security?


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question