tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vincent Aumont <vincent.aum...@vslab.com>
Subject Re: HELP - Security in web.xml
Date Mon, 29 May 2000 15:40:56 GMT
Are you sure you don't have a <security-constraint> or
<login-config> in your web.xml file?

Joel Rouiller wrote:

> Dear reader, I installed Tomcat on Linux with the Apache web server.
> All the examples are running well. But our servlet (running well with
> JServ) makes me sick. I installed all necessary files in
> $TOMCAT/webapps/reporting as described in various papers. The web.xml
> file looks like this: <?xml version="1.0"
> encoding="ISO-8859-1"?> <!DOCTYPE web-app
>     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
>     "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd"> <web-app>
>   <servlet>
>     <servlet-name>Reporting</servlet-name>
>
> <servlet-class>ch.infometis.reporting.servlet.ReportingServlet</servlet-class>
>
>     <init-param>
>       <param-name>db.driver</param-name>
>       <param-value>oracle.jdbc.driver.OracleDriver</param-value>
>     </init-param>
>     <init-param>
>       ... other init parameters ...    </init-param>
>     <init-param>
>       <param-name>html.entries_new</param-name>
>       <param-value>2</param-value>
>     </init-param>
>   </servlet>
>   <servlet-mapping>
>     <servlet-name>Reporting</servlet-name>
>     <url-pattern>/reporting</url-pattern>
>   </servlet-mapping>
> </web-app> I added the following line in
> $TOMCAT/conf/server.xml:         <Context path="/reporting"
> docBase="webapps/reporting" debug="9" reloadable="true">
> </Context> And $TOMCAT/conf/tomcat.conf look like
> this: ###############################################################################
>
> #                     Apache JServ Configuration
> File                         #
>
> ###############################################################################
> Note: this file should be appended or included into your httpd.conf #
> Tell Apache on Unix to load the Apache JServ communication module
> # For shared object builds only!!!
> # @LOAD_OR_NOT@LoadModule jserv_module @LIBEXECDIR@/mod_jserv.so
> LoadModule jserv_module /usr/lib/apache/mod_jserv.so <IfModule
> mod_jserv.c>
> # Do not edit!
> ApJServManual on
> ApJServDefaultProtocol ajpv12
> ApJServSecretKey DISABLED
> ApJServMountCopy on
> ApJServLogLevel notice
> ApJServLogFile DISABLED### Change if you run tomcat on a different
> host
> #ApJServDefaultHost localhost
> ApJServDefaultPort 8007
> #################### All jsp files will go to tomcat
> ####################
> #ApJServMount default /root AddType text/jsp .jsp
> AddHandler jserv-servlet .jsp ############################## Context
> mapping - you need to "deploy"
> # ( copy or ln -s ) the context into htdocs
> ## ApJServMount /examples /root
> ApJServMount /reporting /root
> ApJServMount /test /root
> ApJServMount /servlet /root </IfModule> I removed all access
> restriction to the reporting directories in httpd.conf. So it should
> be accessed from anyone from everywhere, but no, it allways ask me
> three times a user id and password to log in. Has anyone an idea what
> is going wrong or what I is configured wrong? Best regards and thanks
> for any suggestions, Joel Rouiller / infometis ag

Mime
View raw message