I beleive you can protect them with the <Location> directive.
On Wed, 24 May 2000, Ratz, Peter wrote:
> I have protected the /webapps/foo directory via apache.
> All static files are protected.
> But there is also a servlet within the same webapp.
> I can call this servlet with http://localhost/foo/servlet/fooservlet.
> The servlet response without authentication!?
>
> Is there a way to force authentication for this servlet?
>
> Thanks, Peter
>
> --------------------------------------------------------------------------
> To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commmands, email: tomcat-user-help@jakarta.apache.org
>
>
|