tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: Access control with Tomcat 4.0.3 ?
Date Fri, 11 Apr 2003 08:13:21 GMT
You may need to implement your own Custom Authentictor and/or Realm to do
this.  Otherwise (or in addition to) add the following to your web.xml file:

     <web-resource-name>My Web-App</web-resource-name>
      <!-- in my webapps, the Realm assigns all authenticated users this
role -->

"Elodie Tasia" <> wrote in message
> Hi,
> I'm working on a site web that was deployed in the /ebapps directory of
Tomcat ( i.e. HTML files in /webapps/mydirectory and servlets in
> This web site has his own logging system, so only authorised users can
access it.. theorically, because I noticed that anyone can enter the url of
any page in his browser and see it.
> So I need Tomcat to deny the access at my application when the user is not
logged in.
> Is it possible ? How can I do this ? Is there a configuration file for
that ? I already searched in the manual, but I didn't find...
> I'm using Tomcat 4.0.3 alon (not with Apache).
> Thanx in advance.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message