tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jim Coble" <Jim.Co...@duke.edu>
Subject Question about Tomcat 4.1.12 WebDAV application
Date Wed, 08 Jan 2003 15:34:06 GMT
Version: Tomcat 4.1.12 on Solaris 8

I'm trying to configure the WebDAV application included in the Tomcat
4.1.12 distribution so that it requires a login to add or remove files but
not to view them.

If I use the web.xml security-constraint contained in the distribution --

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>The Entire Web Application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>tomcat</role-name>
    </auth-constraint>
  </security-constraint>

-- then all attempts to access the content, including a simple browser
request for <http://localhost:8080/webdav/> require a login.

I thought I could password protect only adding and removing files by adding
<http-method> for PUT and DELETE as shown below --

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>The Entire Web Application</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>tomcat</role-name>
    </auth-constraint>
  </security-constraint>

  -- but, if I do that, I seem to be able to add and remove files using my
WebDAV client (Web Folders on Windows XP) without authenticating.

I can't help but think that I'm missing something obvious.  Can anyone
help?

Thanks in advance.
--Jim

==================================
Jim Coble
Senior Technology Specialist
Center for Instructional Technology
Email: jim.coble@duke.edu
Voice: 919-660-5974  Fax: 919-660-5923
Box 90198, Duke University
Durham, NC 27708-0198
==================================




--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message