And here is the relevant web.xml stuff, again:
<security-constraint>
<display-name>Uploading files</display-name>
<web-resource-collection>
<web-resource-name>FileReceiverBean</web-resource-name>
<url-pattern>/tpos/incoming/ba/*</url-pattern>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<description>Has to be a member of the BA group</description>
<role-name>BA</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>incoming-realm</realm-name>
</login-config>
<security-role>
<description/>
<role-name>BA</role-name>
</security-role>
I have created a file based security realm in the GF admin console called "incoming-realm", and have two users there. But it seems to make no difference whatsoever what I put in the -u section of the curl command, the request always goes all the way to the web app without authentication (the web app checks and there is never any user info available).
[Message sent by forum member 'hordurth' (hordurth)]
http://forums.java.net/jive/thread.jspa?messageID=361580