tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Neil Davies <neil.dav...@uk.boo.com>
Subject RE: tomcat-users.xml
Date Fri, 14 Apr 2000 09:00:24 GMT
thanks for the prompt reply

-----Original Message-----
From: Peder Pedersen [mailto:peder@caput.dk]
Sent: Friday, April 14, 2000 10:55 AM
To: tomcat-user@jakarta.apache.org
Subject: Re: tomcat-users.xml


Hi Neil,

My impression is that the tomcat-users.xml authorization mechanism is 
in an "early stage" condition. Anyway, you set up the users with 
password and roles, like:

<tomcat-users>
  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="admin" password="nimda" roles="admin" />
</tomcat-users>

Then you set up your web application authorization constraints in the 
web application deployment descriptor (webappl/WEB-INF/web.xml). Check 
out the Servlet specification, and the web.xml DTD file in particular.
For a very simple example, use something like:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Admin Pages</web-resource-name>
            <url-pattern>/admin/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
   </security-constraint>
    
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>login.html</form-login-page>
            <form-error-page>login.html</form-error-page>
        </form-login-config>
    </login-config>

    <security-role>
        <role-name>admin</role-name>
    </security-role>

The login page in this example should have the format as specified in 
the specification; something like:

<html>
<head>
	<title> Security crap. </title>
</head>
<body>
	<form method="POST" action="j_security_check">
		Username <input type="text" name="j_username" size=20><br>
		Password <input type="password" name="j_password"
size=20><br>
		<input type="submit" name="Login" value="Login" size=20><br>
	</form>
</body>
</html>

Now, if you try to acccess a page in the admin folder, you are 
automatically forwarded to the login page first.
Btw, I seem to recall that someone had looked into LDAP integration...

Best regards,
 - Peder


>>>>>>>>>>>>>>>>>> Original Message
<<<<<<<<<<<<<<<<<<

On 4/14/00, 9:25:45 AM, Neil Davies <neil.davies@uk.boo.com> wrote 
regarding tomcat-users.xml:


> Dear All,


>           Could anyone help please.How do i set up authorization using
> tomcat-users.xml?

> 
-----------------------------------------------------------------------
---
> To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commmands, email: tomcat-user-help@jakarta.apache.org




--------------------------------------------------------------------------
To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org
For additional commmands, email: tomcat-user-help@jakarta.apache.org

Mime
View raw message