tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rosaria Silipo" <rosariasil...@yahoo.com>
Subject problems with web.xml and security
Date Tue, 17 Jun 2003 16:46:35 GMT

Hi,

I am trying to set up Tomcat as a secure web engine.
>From the tutorial I understood that you should insert the following
lines in web.xml and the password protection should work.

This works perfectly for files in the root directory (/*), it does not
work for files in subdirectories, like /secure/*.

Have you have ever seen this problem before?

Thanks for any help

-- Rosaria

<!DOCTYPE web-app 
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" 
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
...

<!-- SECURITY CONSTRAINT -->
<security-constraint>
  <web-resource-collection>
     <web-resource-name>Secure Pages</web-resource-name>
     <description>Security constraint on all files</description>
     <url-pattern>/*</url-pattern>
     <url-pattern>/secure/*</url-pattern>
     <http-method>POST</http-method>
     <http-method>GET</http-method>
  </web-resource-collection>

  <auth-constraint>
    <description>admin can login</description>
     <role-name>admin</role-name>
  </auth-constraint>

   <user-data-constraint>
     <description>SSL not required</description>
     <transport-guarantee>NONE</transport-guarantee>
   </user-data-constraint>
</security-constraint>

<session-config>
   <session-timeout>30</session-timeout>
</session-config>

<!-- LOGIN AUTHENTICATION -->

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name> 
  <form-login-config>
    <form-login-page>/LoginForm.html</form-login-page>
    <form-error-page>/LoginError.html</form-error-page>
  </form-login-config>

</login-config>

<!-- SECURITY ROLES -->

<security-role>
   <description>The most secure role</description>
   <role-name>admin</role-name>
</security-role>

</web-app>


-- Rosaria



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message