tomcat-users mailing list archives

From Stephane Letinois <S.letin...@coneco-gmbh.de>
Subject AW: AW: Access control with Tomcat 4.0.3 ?
Date Fri, 11 Apr 2003 10:40:29 GMT
As a quick solution you can change the HTML pages into JSP,
but filtering could be an elegant method and it's not complex to use: a
filter to code (which only checks the session) and a mapping of targets to set.
Here are some interesting links, and there are already filter examples in
Tomcat:
http://java.sun.com/products/servlet/Filters.html
http://www.javaworld.com/javaworld/jw-01-2001/jw-0126-servletapi_p.html
http://www.javaworld.com/javaworld/jw-06-2001/jw-0622-filters_p.html 

With all that, it should work!

-----Original Message-----
From: Elodie Tasia [mailto:eta@informactis.com]
Sent: Friday, 11 April 2003 11:50
To: Tomcat Users List
Subject: Re: AW: Access control with Tomcat 4.0.3 ?




> Another possibility:
> Is the logging system managed with a servlet for this website? If yes, a
> variable can be inserted in the session and all servlets and JSPs must
> check it.

Yes, I do that: every time a servlet is called, it checks whether the user
is logged or not (with variables in session).
My problem is when a user tries to see an HTML page, because I don't know
how to check whether he's authorised or not.

> Or why not do that with a filter (thus other resources like HTML
> pages could be protected too).

How does a filter work? Is it complex to set?

> 
> -----Original Message-----
> From: Elodie Tasia [mailto:eta@informactis.com]
> Sent: Friday, 11 April 2003 10:56
> To: Tomcat Users List
> Subject: Re: Access control with Tomcat 4.0.3 ?
> 
> 
> 
> How does Tomcat recognize what a "user" is (in role-name)? Do I have to
> define it somewhere?
> And what do you mean by Custom Authenticator? Is that a servlet or
> something else? Or must I configure that, like the example you gave me?
> 
> Thanx for the answer.
> 
> > You may need to implement your own Custom Authenticator and/or Realm to
> > do this.  Otherwise (or in addition to) add the following to your web.xml
> > file:
> > 
> > <security-constraint>
> >   <web-resource-collection>
> >      <web-resource-name>My Web-App</web-resource-name>
> >      <url-pattern>/*</url-pattern>
> >    </web-resource-collection>
> >    <auth-constraint>
> >       <!-- in my webapps, the Realm assigns all authenticated users this
> > role -->
> >       <role-name>user</role-name>
> >    </auth-constraint>
> >  </security-constraint>
> > 
> > "Elodie Tasia" <eta@informactis.com> wrote in message
> > news:20030411091050.5f25060d.eta@informactis.com...
> > > Hi,
> > >
> > > I'm working on a web site that was deployed in the /webapps directory of
> > > Tomcat (i.e. HTML files in /webapps/mydirectory and servlets in
> > > /webapps/mydirectory/WEB-INF).
> > > This web site has its own logging system, so only authorised users can
> > > access it... theoretically, because I noticed that anyone can enter the URL
> > > of any page in his browser and see it.
> > > So I need Tomcat to deny access to my application when the user is not
> > > logged in.
> > > Is it possible? How can I do this? Is there a configuration file for
> > > that? I already searched in the manual, but I didn't find...
> > >
> > > I'm using Tomcat 4.0.3 alone (not with Apache).
> > >
> > > Thanx in advance.
> > 
> > 
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > 

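The filter approach described in the reply above, as an added example (not code from the thread or from Tomcat): a Servlet 2.3 filter that only checks the session, with its web.xml mapping shown in the leading comment. The class name, the `user` session attribute and the two login paths are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Mapping in WEB-INF/web.xml (filter name and class are hypothetical):
//   <filter>
//     <filter-name>SessionCheck</filter-name>
//     <filter-class>SessionCheckFilter</filter-class>
//   </filter>
//   <filter-mapping>
//     <filter-name>SessionCheck</filter-name>
//     <url-pattern>/*</url-pattern>
//   </filter-mapping>
public class SessionCheckFilter implements Filter {
    // Assumed names: the login servlet stores this attribute after a successful login.
    private static final String SESSION_ATTR = "user";
    private static final String LOGIN_PAGE = "/login.html";
    private static final String LOGIN_SERVLET = "/servlet/Login";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Container-decoded path inside the web application.
        String path = request.getServletPath();
        if (request.getPathInfo() != null) path += request.getPathInfo();

        // Only the login resources are reachable without a session: exact match, deny by default.
        boolean open = LOGIN_PAGE.equals(path) || LOGIN_SERVLET.equals(path);

        // getSession(false): do not create a session for anonymous visitors.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(SESSION_ATTR) != null;

        if (open || loggedIn) {
            chain.doFilter(req, res);   // let the HTML page, JSP or servlet run
        } else {
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
        }
    }
}
```

With a `/*` mapping, any image or stylesheet the login page loads must also be added to the open list, otherwise those requests are redirected to the login page as well.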