tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: Access control with Tomcat 4.0.3 ?
Date Fri, 11 Apr 2003 08:13:21 GMT
You may need to implement your own Custom Authentictor and/or Realm to do
this.  Otherwise (or in addition to) add the following to your web.xml file:

<security-constraint>
  <web-resource-collection>
     <web-resource-name>My Web-App</web-resource-name>
     <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
      <!-- in my webapps, the Realm assigns all authenticated users this
role -->
      <role-name>user</role-name>
   </auth-constraint>
 </security-constraint>

"Elodie Tasia" <eta@informactis.com> wrote in message
news:20030411091050.5f25060d.eta@informactis.com...
> Hi,
>
> I'm working on a site web that was deployed in the /ebapps directory of
Tomcat ( i.e. HTML files in /webapps/mydirectory and servlets in
/webapps/mydirectory/WEB-INF).
> This web site has his own logging system, so only authorised users can
access it.. theorically, because I noticed that anyone can enter the url of
any page in his browser and see it.
> So I need Tomcat to deny the access at my application when the user is not
logged in.
> Is it possible ? How can I do this ? Is there a configuration file for
that ? I already searched in the manual, but I didn't find...
>
> I'm using Tomcat 4.0.3 alon (not with Apache).
>
> Thanx in advance.




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message