tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Mohrig <andreas.moh...@cadooz.de>
Subject RE: Protecting Resources
Date Mon, 23 Sep 2002 08:16:03 GMT
In your web.xml (after the servlet-mappings) you can define one or more
security constraints like this:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>secure</web-resource-name>
            <url-pattern>/secure/*</url-pattern>
        </web-resource-collection>

        <auth-constraint>
            <role-name>secure</role-name>
        </auth-constraint>
    </security-constraint>
 
All you have to do then is put everything you want to protect into some
subdirectory (e.g. "secure"). Although this does not seem to be strictly
necessary with tomcat, you might want to define the role as well (further
down in your web.xml):

    <security-role>
        <role-name>secure</role-name>
    </security-role>

Hope that helps.

Andreas Mohrig

-----Original Message-----
From: ed banfa [mailto:e_banfa@yahoo.com]
Sent: Monday, September 23, 2002 9:39 AM
To: tomcat-user@jakarta.apache.org
Subject: Protecting Resources



Goodday to u all,

Ok I would like to restrict access to certain resources will allow access to
others, eg

I would likw to allow access to the url http://localhost:8080 which inshort
will allow access to  index.html and only that.i would like to disallow
access to other resources in the site to only authenticated user's.

My problem is that how do I specify how to access only the index page, and
restrict others resources my deployment discriptors

I would appreciate any form of help offered 

Thank u

Edward



---------------------------------
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!

--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message