tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stephen Boston" <step...@avue.bc.ca>
Subject need help with security setup
Date Wed, 30 Aug 2000 19:48:54 GMT

I am basing my security setup on the tomcat 3.1 examples/web-
inf/web.xml example.

I have a context "bottle"

tomcat/webapps/bottle
tomcat/webapps/bottle/WEB-INF/
tomcat/webapps/bottle/WEB-INF/web.xml

This context is created by Tomcat and its servlets are reachable 
through that context.

in the above web.xml file I have these lines :

<security-constraint>     
 <web-resource-collection>
     <web-resource-name>Bottle Protected</web-resource-name>
     <url-pattern>/bottle/*</url-pattern>
     <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
  </web-resource-collection>
       
  <auth-constraint>
    <role-name>stephen</role-name>
   </auth-constraint>
      
</security-constraint>

    <!-- Default login configuration uses BASIC authentication -->
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Bottle Protected </realm-name>
    </login-config>

It seems to me that this is identical to tomcat's 
examples/jsp/protected -- which works. I can not enter the 
jsp/protected area without supplying a valid user and pass.

By the way -- do I have to store my users in tomcat-users.xml? 



Mime
View raw message