tomcat-dev mailing list archives

From "Rosaria Silipo" <rosariasil...@yahoo.com>
Subject problems with web.xml and security
Date Tue, 17 Jun 2003 02:20:24 GMT


Hi,

I am trying to set up Tomcat as a secure web engine.
From the tutorial I understood that you should insert the following
lines in web.xml and the password protection should work.

This works perfectly for files in the root directory, but it does not work
for files in subdirectories, like /secure/*.

Have you ever seen this problem before?

Thanks for any help

-- Rosaria

<!DOCTYPE web-app 
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" 
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
...

<!-- SECURITY CONSTRAINT -->
<security-constraint>
  <web-resource-collection>
     <web-resource-name>Secure Pages</web-resource-name>
     <description>Security constraint on all files</description>
     <url-pattern>/*</url-pattern>
     <url-pattern>/*/*</url-pattern>
     <http-method>POST</http-method>
     <http-method>GET</http-method>
  </web-resource-collection>

  <auth-constraint>
    <description>admin can login</description>
     <role-name>admin</role-name>
  </auth-constraint>

   <user-data-constraint>
     <description>SSL not required</description>
     <transport-guarantee>NONE</transport-guarantee>
   </user-data-constraint>
</security-constraint>

<session-config>
   <session-timeout>30</session-timeout>
</session-config>

<!-- LOGIN AUTHENTICATION -->

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name> 
  <form-login-config>
    <form-login-page>/LoginForm.html</form-login-page>
    <form-error-page>/LoginError.html</form-error-page>
  </form-login-config>

</login-config>

<!-- SECURITY ROLES -->

<security-role>
   <description>The most secure role</description>
   <role-name>admin</role-name>
</security-role>

</web-app>






