tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rosaria Silipo" <rosariasil...@yahoo.com>
Subject RE: problems with web.xml and security
Date Tue, 17 Jun 2003 23:06:39 GMT


I do not necessarely want the context /secure, but I want that all files
in the directory webapp/secure are protected.

Do I still need two web.xml files?
I do I include webapp/secure into the root context?

Thanks

-- Rosaria

-----Original Message-----
From: Jon Eaves [mailto:jon@eaves.org] 
Sent: Tuesday, June 17, 2003 3:52 PM
To: Tomcat Users List
Subject: Re: problems with web.xml and security

You need 2 web.xml files.

In / (or ROOT) for the context that maps to

http://my.domain.com/

and in the web application defined by the context /secure
which may be in the subdirectory webapps/secure, or it
may be webapps/secure.war, or it may be webapps/somethingelse
and have  <Context> element in conf/server.xml point to the
appropriate web application.

This will map to http://my.domain.com/secure

Remember, we're talking about web applications, and *not*
directories.

So, in the web application that you have defined to be
the context /secure, put the security constraint of /*

That will apply to all file *in that context*.  Different
contexts have different web.xml files.  Directories are only
relevant _within_ a web application.

Cheers,
	-- jon

Rosaria Silipo wrote:

> 
> Sorry, my mistake!
> It worked because in the meantime I removed /secure.
> If I rebuild /secure, I can still access it without being
authenticated.
> 
> Summary: I have web.xml for / and web.xml for /secure.
> Without web.xml in /secure/web/WEB-INF I can not build /secure in the
> web application.
> 
> How do I include /secure in the root web application?
> 
> Thanks
> 
> -- Rosaria
> 
> 
> -----Original Message-----
> From: Jon Eaves [mailto:jon@eaves.org] 
> Sent: Tuesday, June 17, 2003 3:04 PM
> To: Tomcat Users List
> Subject: Re: problems with web.xml and security
> 
> Rosaria Silipo wrote:
> 
> 
>>Thanks Carl,
>>
>>Yes, I tried to see /secure as first thing and I can see it without
>>authentication.
>>I tried to close browser and restart it and I still could see it.
>>Maybe the problem is on the web.xml of /secure. Is it possible?
>>
>>-- Rosaria
> 
> 
> If I'm reading your sentence correctly, then yes.
> 
> If /secure is a different web application than / (or ROOT)
> then the different contexts will process different web.xml files.
> 
> The /* is relative to the root of the web application, not to
> the Tomcat installation.
> 
> Cheers,
> 	-- jon
> 

-- 
Jon Eaves <jon@eaves.org>
http://www.eaves.org/jon
Co-Author of "Apache Tomcat Bible", Wiley 2003


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message