tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Elodie Tasia <...@informactis.com>
Subject Re: Access control with Tomcat 4.0.3 ?
Date Fri, 11 Apr 2003 08:56:26 GMT

How does Tomcat recognize what a "user" is (in role-name) ? Have I to define it somewhere
?
And what do you mean with Custom Authentictor ? Is that a servlet or something else ? or I
must configure that, like the example you gave to me ?

Thanx for the answer.

> You may need to implement your own Custom Authentictor and/or Realm to do
> this.  Otherwise (or in addition to) add the following to your web.xml file:
> 
> <security-constraint>
>   <web-resource-collection>
>      <web-resource-name>My Web-App</web-resource-name>
>      <url-pattern>/*</url-pattern>
>    </web-resource-collection>
>    <auth-constraint>
>       <!-- in my webapps, the Realm assigns all authenticated users this
> role -->
>       <role-name>user</role-name>
>    </auth-constraint>
>  </security-constraint>
> 
> "Elodie Tasia" <eta@informactis.com> wrote in message
> news:20030411091050.5f25060d.eta@informactis.com...
> > Hi,
> >
> > I'm working on a site web that was deployed in the /ebapps directory of
> Tomcat ( i.e. HTML files in /webapps/mydirectory and servlets in
> /webapps/mydirectory/WEB-INF).
> > This web site has his own logging system, so only authorised users can
> access it.. theorically, because I noticed that anyone can enter the url of
> any page in his browser and see it.
> > So I need Tomcat to deny the access at my application when the user is not
> logged in.
> > Is it possible ? How can I do this ? Is there a configuration file for
> that ? I already searched in the manual, but I didn't find...
> >
> > I'm using Tomcat 4.0.3 alon (not with Apache).
> >
> > Thanx in advance.
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message