tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joel Rouiller" <joel.rouil...@infometis.ch>
Subject Re: HELP - Security in web.xml
Date Tue, 30 May 2000 06:12:30 GMT
No, I intentionally commented out any <security-constraint> or <login-config> tags.
  ----- Original Message ----- 
  From: Vincent Aumont 
  To: tomcat-user@jakarta.apache.org 
  Sent: Monday, May 29, 2000 5:40 PM
  Subject: Re: HELP - Security in web.xml


  Are you sure you don't have a <security-constraint> or 
  <login-config> in your web.xml file? 
  Joel Rouiller wrote: 

    Dear reader, I installed Tomcat on Linux with the Apache web server. All the examples
are running well. But our servlet (running well with JServ) makes me sick. I installed all
necessary files in $TOMCAT/webapps/reporting as described in various papers. The web.xml file
looks like this: <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE web-app 
        PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" 
        "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd"> <web-app> 
      <servlet> 
        <servlet-name>Reporting</servlet-name> 
        <servlet-class>ch.infometis.reporting.servlet.ReportingServlet</servlet-class>

        <init-param> 
          <param-name>db.driver</param-name> 
          <param-value>oracle.jdbc.driver.OracleDriver</param-value> 
        </init-param> 
        <init-param> 
          ... other init parameters ...    </init-param> 
        <init-param> 
          <param-name>html.entries_new</param-name> 
          <param-value>2</param-value> 
        </init-param> 
      </servlet> 
      <servlet-mapping> 
        <servlet-name>Reporting</servlet-name> 
        <url-pattern>/reporting</url-pattern> 
      </servlet-mapping> 
    </web-app> I added the following line in $TOMCAT/conf/server.xml:         <Context
path="/reporting" docBase="webapps/reporting" debug="9" reloadable="true">        </Context>
And $TOMCAT/conf/tomcat.conf look like this: ###############################################################################

    #                     Apache JServ Configuration File                         # 
    ################################################################################ Note:
this file should be appended or included into your httpd.conf # Tell Apache on Unix to load
the Apache JServ communication module 
    # For shared object builds only!!! 
    # @LOAD_OR_NOT@LoadModule jserv_module @LIBEXECDIR@/mod_jserv.so 
    LoadModule jserv_module /usr/lib/apache/mod_jserv.so <IfModule mod_jserv.c> 
    # Do not edit! 
    ApJServManual on 
    ApJServDefaultProtocol ajpv12 
    ApJServSecretKey DISABLED 
    ApJServMountCopy on 
    ApJServLogLevel notice 
    ApJServLogFile DISABLED### Change if you run tomcat on a different host 
    #ApJServDefaultHost localhost 
    ApJServDefaultPort 8007   
    #################### All jsp files will go to tomcat #################### 
    #ApJServMount default /root AddType text/jsp .jsp 
    AddHandler jserv-servlet .jsp ############################## Context mapping - you need
to "deploy" 
    # ( copy or ln -s ) the context into htdocs 
    ## ApJServMount /examples /root 
    ApJServMount /reporting /root 
    ApJServMount /test /root 
    ApJServMount /servlet /root </IfModule> I removed all access restriction to the
reporting directories in httpd.conf. So it should be accessed from anyone from everywhere,
but no, it allways ask me three times a user id and password to log in. Has anyone an idea
what is going wrong or what I is configured wrong? Best regards and thanks for any suggestions,
Joel Rouiller / infometis ag 

Mime
View raw message