tomcat-users mailing list archives

From "Bill Barker" <wbar...@wilshire.com>
Subject Re: problems with web.xml and security
Date Wed, 18 Jun 2003 03:16:28 GMT
If you check your log files, you should see that it doesn't like your
web.xml file because <session-config> comes after <servlet-mapping> and
before <mime-mapping> (which both come before <security-constraint>).
Tomcat 4.x is picky about enforcing the order of elements in your web.xml
file (TC 3.3 is as well, at least by default).  The result is that Tomcat
stopped reading your file as soon as it got to the <session-config> line.

"Rosaria Silipo" <rosariasilipo@yahoo.com> wrote in message
news:001301c334f0$0400c2e0$930017ac@SuperTopina...
>
> Hi,
>
> I am trying to set up Tomcat as a secure web engine.
> From the tutorial I understood that you should insert the following
> lines in web.xml and the password protection should work.
>
> This works perfectly for files in the root directory (/*), it does not
> work for files in subdirectories, like /secure/*.
>
> Have you ever seen this problem before?
>
> Thanks for any help
>
> -- Rosaria
>
> <!DOCTYPE web-app
>     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
>     "http://java.sun.com/dtd/web-app_2_3.dtd">
>
> <web-app>
> ...
>
> <!-- SECURITY CONSTRAINT -->
> <security-constraint>
>   <web-resource-collection>
>      <web-resource-name>Secure Pages</web-resource-name>
>      <description>Security constraint on all files</description>
>      <url-pattern>/*</url-pattern>
>      <url-pattern>/secure/*</url-pattern>
>      <http-method>POST</http-method>
>      <http-method>GET</http-method>
>   </web-resource-collection>
>
>   <auth-constraint>
>     <description>admin can login</description>
>      <role-name>admin</role-name>
>   </auth-constraint>
>
>    <user-data-constraint>
>      <description>SSL not required</description>
>      <transport-guarantee>NONE</transport-guarantee>
>    </user-data-constraint>
> </security-constraint>
>
> <session-config>
>    <session-timeout>30</session-timeout>
> </session-config>
>
> <!-- LOGIN AUTHENTICATION -->
>
> <login-config>
>   <auth-method>FORM</auth-method>
>   <realm-name>default</realm-name>
>   <form-login-config>
>     <form-login-page>/LoginForm.html</form-login-page>
>     <form-error-page>/LoginError.html</form-error-page>
>   </form-login-config>
>
> </login-config>
>
> <!-- SECURITY ROLES -->
>
> <security-role>
>    <description>The most secure role</description>
>    <role-name>admin</role-name>
> </security-role>
>
> </web-app>
>
>
> -- Rosaria
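
A pre-deployment check for the ordering problem described in the reply above, as an added example that is not part of the original messages: it compares the top-level children of `<web-app>` with the element sequence of the Servlet 2.3 DTD. The function name `check_order` and the two sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Child sequence of <web-app> in the Servlet 2.3 DTD (web-app_2_3.dtd).
ORDER = ["icon", "display-name", "description", "distributable",
         "context-param", "filter", "filter-mapping", "listener", "servlet",
         "servlet-mapping", "session-config", "mime-mapping",
         "welcome-file-list", "error-page", "taglib", "resource-env-ref",
         "resource-ref", "security-constraint", "login-config",
         "security-role", "env-entry", "ejb-ref", "ejb-local-ref"]
RANK = {name: i for i, name in enumerate(ORDER)}
# Elements the DTD allows at most once ("?" in its content model).
ONCE = {"icon", "display-name", "description", "distributable",
        "session-config", "welcome-file-list", "login-config"}

def check_order(xml_text):
    """Return (position, element, problem) for each misplaced <web-app> child."""
    problems, highest, seen = [], -1, set()
    for pos, child in enumerate(ET.fromstring(xml_text), start=1):
        tag = child.tag
        if tag not in RANK:
            problems.append((pos, tag, "not allowed directly under <web-app>"))
            continue
        if RANK[tag] < highest:
            problems.append((pos, tag, "must come before <%s>" % ORDER[highest]))
        elif tag in ONCE and tag in seen:
            problems.append((pos, tag, "may appear only once"))
        highest = max(highest, RANK[tag])
        seen.add(tag)
    return problems

# Constructed: top-level order as in the visible part of the posted file, bodies trimmed.
BROKEN = """<web-app>
  <servlet-mapping/>
  <security-constraint/>
  <session-config><session-timeout>30</session-timeout></session-config>
  <login-config/>
  <security-role/>
</web-app>"""
# Constructed: <session-config> moved ahead of <security-constraint>.
FIXED = """<web-app>
  <servlet-mapping/>
  <session-config><session-timeout>30</session-timeout></session-config>
  <security-constraint/>
  <login-config/>
  <security-role/>
</web-app>"""
if __name__ == "__main__":
    for name, doc in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, check_order(doc) or "order matches the 2.3 DTD")
```

Running a check like this before deployment surfaces the misplaced element directly, rather than leaving it to be found in the container's log after the security constraint has silently failed to load.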



