tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stephen Boston" <step...@avue.bc.ca>
Subject Re: need help with security setup (Correction)
Date Wed, 30 Aug 2000 20:15:33 GMT
Sorry : I miswrote : 
the context is "bar" not "bottle" 

I have corrected the code below.

Very sorry.

On 30 Aug 2000, at 12:50, Stephen Boston wrote:

> 
> I am basing my security setup on the tomcat 3.1 examples/web-
> inf/web.xml example.
> 
> I have a context "bar"
> 
> tomcat/webapps/bar/bottle/
> tomcat/webapps/bar/WEB-INF/web.xml
> 
> The myapp context is created by Tomcat and its servlets are reachable 
> through that context.
> 
> in the above web.xml file I have these lines :
> 
> <security-constraint>     
>  <web-resource-collection>
>      <web-resource-name>Bottle Protected</web-resource-name>
>      <url-pattern>/bottle/*</url-pattern>
>      <http-method>DELETE</http-method>
>       <http-method>GET</http-method>
>       <http-method>POST</http-method>
>       <http-method>PUT</http-method>
>   </web-resource-collection>
>        
>   <auth-constraint>
>     <role-name>stephen</role-name>
>    </auth-constraint>
>       
> </security-constraint>
> 
>     <!-- Default login configuration uses BASIC authentication -->
>     <login-config>
>       <auth-method>BASIC</auth-method>
>       <realm-name>Bottle Protected </realm-name>
>     </login-config>
> 
> It seems to me that this is identical to tomcat's 
> examples/jsp/protected -- which works. I can not enter the 
> jsp/protected area without supplying a valid user and pass.
> 
> However I get a 404 on  http://localhost:8080/bottle/j_security_check
> 
> By the way -- do I have to store my users in tomcat-users.xml? 
> 



Mime
View raw message