tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Elodie Tasia <...@informactis.com>
Subject Re: Access control with Tomcat 4.0.3 ?
Date Mon, 14 Apr 2003 06:35:29 GMT
Thank you very much, this tutorial is quite clear... but there's something I haven't understood
yet (I didn't find the answer in this tutorial, or maybe I didn't care enough) :
Imagine that we have some users/roles/... defined in the configuration file, and an URL in
the login-config indicating the login page. That's OK.
But I don't see the link between this login page and Tomcat : how does it konw a user has
logged after he has typed his login and password in this page ?
And so, how can I so the same thing in my servlets ? I would like to use just on "user" login
to identify all authorised users, because they are so many that I can't put all login/pass
in the configuration file. Is that possible, and how ?

Thanx in advance....


> This page might help...
> 
> http://java.sun.com/webservices/docs/1.1/tutorial/doc/WebAppSecurity.html#wp79663
> 
> -Tim
> 
> Elodie Tasia wrote:
> > How does Tomcat recognize what a "user" is (in role-name) ? Have I to define it
somewhere ?
> > And what do you mean with Custom Authentictor ? Is that a servlet or something else
? or I must configure that, like the example you gave to me ?
> > 
> > Thanx for the answer.
> > 
> > 
> >>You may need to implement your own Custom Authentictor and/or Realm to do
> >>this.  Otherwise (or in addition to) add the following to your web.xml file:
> >>
> >><security-constraint>
> >>  <web-resource-collection>
> >>     <web-resource-name>My Web-App</web-resource-name>
> >>     <url-pattern>/*</url-pattern>
> >>   </web-resource-collection>
> >>   <auth-constraint>
> >>      <!-- in my webapps, the Realm assigns all authenticated users this
> >>role -->
> >>      <role-name>user</role-name>
> >>   </auth-constraint>
> >> </security-constraint>
> >>
> >>"Elodie Tasia" <eta@informactis.com> wrote in message
> >>news:20030411091050.5f25060d.eta@informactis.com...
> >>
> >>>Hi,
> >>>
> >>>I'm working on a site web that was deployed in the /ebapps directory of
> >>
> >>Tomcat ( i.e. HTML files in /webapps/mydirectory and servlets in
> >>/webapps/mydirectory/WEB-INF).
> >>
> >>>This web site has his own logging system, so only authorised users can
> >>
> >>access it.. theorically, because I noticed that anyone can enter the url of
> >>any page in his browser and see it.
> >>
> >>>So I need Tomcat to deny the access at my application when the user is not
> >>
> >>logged in.
> >>
> >>>Is it possible ? How can I do this ? Is there a configuration file for
> >>
> >>that ? I already searched in the manual, but I didn't find...
> >>
> >>>I'm using Tomcat 4.0.3 alon (not with Apache).
> >>>
> >>>Thanx in advance.
> >>
> >>
> >>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >>
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > 
> > 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message