tomcat-users mailing list archives

From "Colic, Alex" <alex.co...@rbc.com>
Subject How to set up a security constraint?
Date Fri, 30 Aug 2002 14:23:38 GMT

Hi,

I have a web site with the following directory structure:

root/admin/sysop.

I only want certain people to have access to the admin section and only
other people to have access to the sysop section.

I have created two users in the tomcat-users.xml file:

  <role rolename="sysop"/>
  <role rolename="admin"/>
  <user username="admin" password="test1" roles="admin"/>
  <user username="sysop" password="test2" roles="sysop"/>

In the server.xml file I have uncommented the:

<Realm className="org.apache.catalina.realm.MemoryRealm" /> line.

Then in the web.xml file I have added the following:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin Pages</web-resource-name>
      <url-pattern>/admin</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Sysop Pages</web-resource-name>
      <url-pattern>/admin/sysop/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>sysop</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Admin Pages</realm-name>
  </login-config>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Sysop Pages</realm-name>
  </login-config>

This is where my problem is. User admin and sysop can access both the admin
and the sysop sections. I must have set the security constraint incorrectly.
Can someone please point out what is wrong?

Thanks

Alex
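
Added example, not part of the original message and not Tomcat's own code: a small Python model of url-pattern matching that shows which paths each constraint above actually covers. It assumes the precedence the Servlet specification defines for url-patterns (exact, then longest path prefix, then extension, then default); the sample paths and the `/admin/*` variant are constructed for illustration, and older containers may resolve overlapping constraints differently.

```python
# Added illustration: servlet url-pattern matching applied to security constraints.
# Assumed precedence: exact match, then longest path prefix ("/x/*"),
# then extension ("*.ext"), then the default mapping ("/").

def match_rank(pattern, path):
    """Return a sortable rank if pattern matches path, else None (higher wins)."""
    if pattern == path:
        return (3, len(pattern))                 # exact match
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))              # path-prefix match, longest wins
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)                            # extension match
    if pattern == "/":
        return (0, 0)                            # default mapping
    return None


def required_roles(constraints, path):
    """Roles of the best-matching constraint; None means no constraint applies."""
    best = None
    for pattern, roles in constraints:
        rank = match_rank(pattern, path)
        if rank is not None and (best is None or rank > best[0]):
            best = (rank, roles)
    return None if best is None else best[1]


# Constraints as posted in the message: (url-pattern, roles).
AS_POSTED = [("/admin", {"admin"}), ("/admin/sysop/*", {"sysop"})]
# Assumed variant: a path-prefix pattern for the admin section.
PREFIX_FORM = [("/admin/*", {"admin"}), ("/admin/sysop/*", {"sysop"})]

# Constructed request paths, relative to the context root.
SAMPLE_PATHS = ["/admin", "/admin/index.jsp", "/admin/sysop/index.jsp"]


def report(constraints):
    """Map each sample path to the roles required for it (None = unconstrained)."""
    return {p: required_roles(constraints, p) for p in SAMPLE_PATHS}


if __name__ == "__main__":
    for name, c in (("as posted", AS_POSTED), ("prefix form", PREFIX_FORM)):
        for path, roles in report(c).items():
            print(f"{name:12} {path:26} {sorted(roles) if roles else 'unconstrained'}")
```

With the patterns as posted, `/admin` is an exact-match pattern, so a path such as `/admin/index.jsp` falls under no constraint at all; with `/admin/*`, it requires the admin role while paths under `/admin/sysop/` still resolve to the longer sysop pattern.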

