I have an application with authentication turned on that runs fine in my development environment. Whenever I start the client, a login-dialog is presented. When I enter the credentials it checks these against my own table with user info in my database.
Then I deploy the application. Client, Tomcat and Database each on a seperate windows machine. When authentication is turned off (in the config.ini DataSourceSecurityFilter#active=false and AnonymousSecurityFilter#active=true) it runs fine, but when I turn authentication on (in the config.ini DataSourceSecurityFilter#active=true and AnonymousSecurityFilter#active=false) I get some kind of windows security dialog that I need credentials for the server on which tomcat is running. (Its not the same dialog as I get on my development environment).
I also get this dialog when I am in the Tomcat manager (where I can start and stop the application) and the try to open my Application (Normally you get the "View Application Home Page", to download the Client)
I think it has nothing to do with Scout but with the confuguration of tomcat or the servers. Maybe someone recognizes the problem and give me a hint how to fix this.
If you specify that you want an authentication (what you are doing with DataSourceSecurityFilter#active=true), your browser will ask for user and password.
You can enter a valid User and Password (of your Scout application). This is independent from Tomcat.
* http://<your_tomcat_server>/<name_of_your_scout_app>/process -> handled by the application. This is where the Client Application connects to.
If you connect with the client application, you need to provide user and password there (Scout Application Window). If you go there with a browser, you will get a browser login/password window. You can enter a valid User and Password of your application to access to the HTML server debug pages.
I think that what you are asking is how to provide access to anybody (without authentication) on the default downlaod html page.
I have no idea how to do this.
I would have a look at this ResourceServlet. Maybe with an additional parameter (init-param) you can specify that you do not want any authentication for this Servlet (or an allow everybody without password authentication).
If you like we can do a "Windows Remote Help" session to look at the issue.
It might be that your tomcat is sitting in a secured environment (Windows server with MS firewall?) and that the
http BASIC Auth response header of the tomcat webapp is intercepted by the firewall and requests that the user is authenticated to AD or so.
The tomcat you use, is it an original downloaded tomcat 6 or is it customized/configured?
More detailed: does it contain some security filters in the tomcat server.xml or web.xml that add additional security to the tomcat webapps?
it took some time for me to react because I was on holiday. With the help of your comment we did some test and found out that the unexpected loging dialog is our domain login. Although the current user is already logged in it is again presenting the dialog.
It is not clear to me why it only coming when DataSourceSecurityFilter#active=true but we will continue testing.
For testing I have installed the client.exe on a terminal server, the tomcat server part on another server and the database on a third server. Maybe something is triggering the domain login when DataSourceSecurityFilter#active=true.