tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joakim Verona <joa...@verona.se>
Subject authentification question
Date Sun, 07 May 2000 11:12:23 GMT
hello,

i would like to get authentification to work under tomcat. some of the questions are FAQ,
but i dont know how to search the user list(ive looked through the dev list, which has an
archive)

i use tomcat 3.1, apache and rh linux 6.1

1) the supplied jsp example of authentification doesn't work. i've seen this on the dev list,
but what is the resolution? is this fixed in the daily builds?

2) i tried to set up my own tomcat protected area, like the example. nothing happens, it is
unprotected as normal. i've set up my web.xml apropriately i believe. i've also changed the
tomcat.conf so apache redirect all requests to tomcat in the protected area.

if i let apache protect the area, getRemoteUser() and so on work well, but my goal is to make
my own 
security interceptor, so this solution is not possible for me.

from server.xml:	
<Context path="/arbfileupload" docBase="/home/httpd/html/arbfileupload" debug="1" reloadable="true">

        </Context>

from web.xml:

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">

<web-app>
    <security-constraint>
      <web-resource-collection>
         <web-resource-name>Prt</web-resource-name>
	 <!-- Define the context-relative URL(s) to be protected -->
         <url-pattern>/*</url-pattern>
	 <!-- If you list http methods, only those methods are protected -->
	 <http-method>DELETE</http-method>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
	 <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area -->
	 <role-name>uploader</role-name>
	 <role-name>admin</role-name>
      </auth-constraint>
    </security-constraint>

    <!-- Default login configuration uses BASIC authentication -->
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Upl</realm-name>
    </login-config>

</web-app>

from tomcat.conf:

ApJServMount /arbfileupload /root
-- 
Joakim Verona
joakim@verona.se
http://www.verona.se/~joakimv

Mime
View raw message