tomcat-users mailing list archives

From Jon Eaves <>
Subject Re: problems with web.xml and security
Date Tue, 17 Jun 2003 22:51:56 GMT
You need 2 web.xml files.

In / (or ROOT) for the context that maps to

and in the web application defined by the context /secure
which may be in the subdirectory webapps/secure, or it
may be webapps/secure.war, or it may be webapps/somethingelse
and have a <Context> element in conf/server.xml point to the
appropriate web application.

This will map to

Remember, we're talking about web applications, and *not*

So, in the web application that you have defined to be
the context /secure, put the security constraint of /*

That will apply to all files *in that context*.  Different
contexts have different web.xml files.  Directories are only
relevant _within_ a web application.

	-- jon

Rosaria Silipo wrote:

> Sorry, my mistake!
> It worked because in the meantime I removed /secure.
> If I rebuild /secure, I can still access it without being authenticated.
> Summary: I have web.xml for / and web.xml for /secure.
> Without web.xml in /secure/web/WEB-INF I can not build /secure in the
> web application.
> How do I include /secure in the root web application?
> Thanks
> -- Rosaria
> -----Original Message-----
> From: Jon Eaves [] 
> Sent: Tuesday, June 17, 2003 3:04 PM
> To: Tomcat Users List
> Subject: Re: problems with web.xml and security
> Rosaria Silipo wrote:
>>Thanks Carl,
>>Yes, I tried to see /secure as first thing and I can see it without
>>I tried to close browser and restart it and I still could see it.
>>Maybe the problem is on the web.xml of /secure. Is it possible?
>>-- Rosaria
> If I'm reading your sentence correctly, then yes.
> If /secure is a different web application than / (or ROOT)
> then the different contexts will process different web.xml files.
> The /* is relative to the root of the web application, not to
> the Tomcat installation.
> Cheers,
> 	-- jon

Jon Eaves <>
Co-Author of "Apache Tomcat Bible", Wiley 2003
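
Added example, not part of the original message: a WEB-INF/web.xml for the web application deployed as the context /secure, carrying the /* constraint described above. The Servlet 2.3 DTD, BASIC authentication, the realm name and the role name "member" are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<!-- WEB-INF/web.xml of the web application that is the context /secure.
     The web.xml of / (ROOT) is a different file for a different context
     and is not processed for requests to this one. -->
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Everything in this context</web-resource-name>
      <!-- Relative to the root of this web application, not to the
           Tomcat installation: the browser sees these URLs as /secure/... -->
      <url-pattern>/*</url-pattern>
      <!-- No http-method elements, so the constraint covers every method. -->
    </web-resource-collection>
    <auth-constraint>
      <!-- Assumed role name; it must exist in the realm Tomcat is using. -->
      <role-name>member</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <!-- Assumed authentication method and realm name. -->
    <auth-method>BASIC</auth-method>
    <realm-name>Secure area</realm-name>
  </login-config>

  <security-role>
    <role-name>member</role-name>
  </security-role>
</web-app>
```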
