tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: problems with web.xml and security
Date Tue, 17 Jun 2003 08:40:18 GMT
Your web.xml file is invalid.  If you re-post the question to tomcat-user,
I'll be more than happy to explain why.

----- Original Message -----
From: "Rosaria Silipo" <rosariasilipo@yahoo.com>
To: <tomcat-dev@jakarta.apache.org>
Sent: Monday, June 16, 2003 7:20 PM
Subject: problems with web.xml and security


>
>
> Hi,
>
> I am trying to set up Tomcat as a secure web engine.
> From the tutorial I understood that you should insert the following
> lines in web.xml and the password protection should work.
>
> This works perfectly for files in the root directory, it does not work
> for files in subdirectories, like /secure/*.
>
> Have you have ever seen this problem before?
>
> Thanks for any help
>
> -- Rosaria
>
> <!DOCTYPE web-app
>     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
>     "http://java.sun.com/dtd/web-app_2_3.dtd">
>
> <web-app>
> ...
>
> <!-- SECURITY CONSTRAINT -->
> <security-constraint>
>   <web-resource-collection>
>      <web-resource-name>Secure Pages</web-resource-name>
>      <description>Security constraint on all files</description>
>      <url-pattern>/*</url-pattern>
>      <url-pattern>/*/*</url-pattern>
>      <http-method>POST</http-method>
>      <http-method>GET</http-method>
>   </web-resource-collection>
>
>   <auth-constraint>
>     <description>admin can login</description>
>      <role-name>admin</role-name>
>   </auth-constraint>
>
>    <user-data-constraint>
>      <description>SSL not required</description>
>      <transport-guarantee>NONE</transport-guarantee>
>    </user-data-constraint>
> </security-constraint>
>
> <session-config>
>    <session-timeout>30</session-timeout>
> </session-config>
>
> <!-- LOGIN AUTHENTICATION -->
>
> <login-config>
>   <auth-method>FORM</auth-method>
>   <realm-name>default</realm-name>
>   <form-login-config>
>     <form-login-page>/LoginForm.html</form-login-page>
>     <form-error-page>/LoginError.html</form-error-page>
>   </form-login-config>
>
> </login-config>
>
> <!-- SECURITY ROLES -->
>
> <security-role>
>    <description>The most secure role</description>
>    <role-name>admin</role-name>
> </security-role>
>
> </web-app>
>
>
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message