Return-Path: 
 <tomcat-user-return-34542-qmlist-jakarta-archive-tomcat-user=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-user-archive@apache.org
Received: (qmail 71705 invoked from network); 23 Sep 2002 08:13:30 -0000
Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131)
  by daedalus.apache.org with SMTP; 23 Sep 2002 08:13:30 -0000
Received: (qmail 25692 invoked by uid 97); 23 Sep 2002 08:14:04 -0000
Delivered-To: qmlist-jakarta-archive-tomcat-user@jakarta.apache.org
Received: (qmail 25660 invoked by uid 97); 23 Sep 2002 08:14:03 -0000
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tomcat-user-subscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-user-help@jakarta.apache.org>
List-Post: <mailto:tomcat-user@jakarta.apache.org>
List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org>
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 25648 invoked by uid 98); 23 Sep 2002 08:14:03 -0000
X-Antivirus: nagoya (v4218 created Aug 14 2002)
Message-ID: <70DD0724686ED611ACC70050228A1ECA06DC89@SRV_1>
From: Andreas Mohrig <andreas.mohrig@cadooz.de>
To: 'Tomcat Users List' <tomcat-user@jakarta.apache.org>
Subject: RE: Protecting Resources
Date: Mon, 23 Sep 2002 10:16:03 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

In your web.xml (after the servlet-mappings) you can define one or more
security constraints like this:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>secure</web-resource-name>
            <url-pattern>/secure/*</url-pattern>
        </web-resource-collection>

        <auth-constraint>
            <role-name>secure</role-name>
        </auth-constraint>
    </security-constraint>
 
All you have to do then is put everything you want to protect into some
subdirectory (e.g. "secure"). Although this does not seem to be strictly
necessary with tomcat, you might want to define the role as well (further
down in your web.xml):

    <security-role>
        <role-name>secure</role-name>
    </security-role>

Hope that helps.

Andreas Mohrig

-----Original Message-----
From: ed banfa [mailto:e_banfa@yahoo.com]
Sent: Monday, September 23, 2002 9:39 AM
To: tomcat-user@jakarta.apache.org
Subject: Protecting Resources



Goodday to u all,

Ok I would like to restrict access to certain resources will allow access to
others, eg

I would likw to allow access to the url http://localhost:8080 which inshort
will allow access to  index.html and only that.i would like to disallow
access to other resources in the site to only authenticated user's.

My problem is that how do I specify how to access only the index page, and
restrict others resources my deployment discriptors

I would appreciate any form of help offered 

Thank u

Edward



---------------------------------
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!

--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>