tomcat-users mailing list archives

From "Bill Barker" <wbar...@wilshire.com>
Subject Re: problems with web.xml and security
Date Wed, 18 Jun 2003 06:45:34 GMT
<servlet-mapping> and <mime-mapping> are optional elements.  If you don't
need them, then they don't have to be there.

If you remove the <session-config>, then the rest of what is posted of your
web.xml is valid (even if the /secure/* is implied by the /*, but that
shouldn't matter).  I'm still going to guess that there are errors in your
log files (esp. catalina.out) that will tell you more about the problem.

If I'm wrong, then it sounds like it should be easy enough for you to strip
down your app to something generic (e.g. I don't need to know anything about
your proprietary Beans), and wrap it up in a war file ("jar cf bug.war
bugapp"), and attach it to a bug report at
http://nagoya.apache.org/bugzilla.

"Rosaria Silipo" <rosariasilipo@yahoo.com> wrote in message
news:004801c33556$d1534220$930017ac@SuperTopina...
>
> I am a bit confused.
> I do not have any <servlet-mapping> or <mime-mapping> (do I need them?)
> and I followed the order as it is in the tutorial.
> Even removing <session-config>, /secure/* is not authenticated and /*
> is.
>
> -- Rosaria
>
>
> -----Original Message-----
> From: news [mailto:news@main.gmane.org] On Behalf Of Bill Barker
> Sent: Tuesday, June 17, 2003 8:16 PM
> To: tomcat-user@jakarta.apache.org
> Subject: Re: problems with web.xml and security
>
> If you check your log files, you should see that it doesn't like your
> web.xml file because <session-config> comes after <servlet-mapping> and
> before <mime-mapping> (which both come before <security-constraint>).
> Tomcat 4.x is picky about enforcing the order of elements in your web.xml
> file (TC 3.3 is as well, at least by default).  The result is that Tomcat
> stopped reading your file as soon as it got to the <session-config> line.
>
> "Rosaria Silipo" <rosariasilipo@yahoo.com> wrote in message
> news:001301c334f0$0400c2e0$930017ac@SuperTopina...
> >
> > Hi,
> >
> > I am trying to set up Tomcat as a secure web engine.
> > From the tutorial I understood that you should insert the following
> > lines in web.xml and the password protection should work.
> >
> > This works perfectly for files in the root directory (/*), it does not
> > work for files in subdirectories, like /secure/*.
> >
> > Have you ever seen this problem before?
> >
> > Thanks for any help
> >
> > -- Rosaria
> >
> > <!DOCTYPE web-app
> >     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
> >     "http://java.sun.com/dtd/web-app_2_3.dtd">
> >
> > <web-app>
> > ...
> >
> > <!-- SECURITY CONSTRAINT -->
> > <security-constraint>
> >   <web-resource-collection>
> >      <web-resource-name>Secure Pages</web-resource-name>
> >      <description>Security constraint on all files</description>
> >      <url-pattern>/*</url-pattern>
> >      <url-pattern>/secure/*</url-pattern>
> >      <http-method>POST</http-method>
> >      <http-method>GET</http-method>
> >   </web-resource-collection>
> >
> >   <auth-constraint>
> >     <description>admin can login</description>
> >      <role-name>admin</role-name>
> >   </auth-constraint>
> >
> >    <user-data-constraint>
> >      <description>SSL not required</description>
> >      <transport-guarantee>NONE</transport-guarantee>
> >    </user-data-constraint>
> > </security-constraint>
> >
> > <session-config>
> >    <session-timeout>30</session-timeout>
> > </session-config>
> >
> > <!-- LOGIN AUTHENTICATION -->
> >
> > <login-config>
> >   <auth-method>FORM</auth-method>
> >   <realm-name>default</realm-name>
> >   <form-login-config>
> >     <form-login-page>/LoginForm.html</form-login-page>
> >     <form-error-page>/LoginError.html</form-error-page>
> >   </form-login-config>
> >
> > </login-config>
> >
> > <!-- SECURITY ROLES -->
> >
> > <security-role>
> >    <description>The most secure role</description>
> >    <role-name>admin</role-name>
> > </security-role>
> >
> > </web-app>
> >
> >
> > -- Rosaria
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org



