Return-Path: 
 <tomcat-user-return-68233-qmlist-jakarta-archive-tomcat-user=nagoya.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-user-archive@apache.org
Received: (qmail 66646 invoked from network); 17 Jun 2003 17:49:31 -0000
Received: from exchange.sun.com (192.18.33.10)
  by daedalus.apache.org with SMTP; 17 Jun 2003 17:49:31 -0000
Received: (qmail 18534 invoked by uid 97); 17 Jun 2003 17:51:53 -0000
Delivered-To: qmlist-jakarta-archive-tomcat-user@nagoya.betaversion.org
Received: (qmail 18527 invoked from network); 17 Jun 2003 17:51:52 -0000
Received: from daedalus.apache.org (HELO apache.org) (208.185.179.12)
  by nagoya.betaversion.org with SMTP; 17 Jun 2003 17:51:52 -0000
Received: (qmail 14885 invoked by uid 500); 17 Jun 2003 16:51:45 -0000
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tomcat-user-subscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-user-help@jakarta.apache.org>
List-Post: <mailto:tomcat-user@jakarta.apache.org>
List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org>
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 99369 invoked from network); 17 Jun 2003 16:46:45 -0000
Received: from smtp6.mindspring.com (207.69.200.110)
  by daedalus.apache.org with SMTP; 17 Jun 2003 16:46:45 -0000
Received: from h-68-164-77-85.snvacaid.covad.net ([68.164.77.85]
 helo=SuperTopina)
	by smtp6.mindspring.com with esmtp (Exim 3.33 #1)
	id 19SJbc-0006Bm-00
	for tomcat-user@jakarta.apache.org; Tue, 17 Jun 2003 12:46:48 -0400
Reply-To: <rosariasilipo@yahoo.com>
From: "Rosaria Silipo" <rosariasilipo@yahoo.com>
To: <tomcat-user@jakarta.apache.org>
Subject: problems with web.xml and security
Date: Tue, 17 Jun 2003 09:46:35 -0700
Message-ID: <001301c334f0$0400c2e0$930017ac@SuperTopina>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N


Hi,

I am trying to set up Tomcat as a secure web engine.
>From the tutorial I understood that you should insert the following
lines in web.xml and the password protection should work.

This works perfectly for files in the root directory (/*), it does not
work for files in subdirectories, like /secure/*.

Have you have ever seen this problem before?

Thanks for any help

-- Rosaria

<!DOCTYPE web-app 
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" 
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
...

<!-- SECURITY CONSTRAINT -->
<security-constraint>
  <web-resource-collection>
     <web-resource-name>Secure Pages</web-resource-name>
     <description>Security constraint on all files</description>
     <url-pattern>/*</url-pattern>
     <url-pattern>/secure/*</url-pattern>
     <http-method>POST</http-method>
     <http-method>GET</http-method>
  </web-resource-collection>

  <auth-constraint>
    <description>admin can login</description>
     <role-name>admin</role-name>
  </auth-constraint>

   <user-data-constraint>
     <description>SSL not required</description>
     <transport-guarantee>NONE</transport-guarantee>
   </user-data-constraint>
</security-constraint>

<session-config>
   <session-timeout>30</session-timeout>
</session-config>

<!-- LOGIN AUTHENTICATION -->

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name> 
  <form-login-config>
    <form-login-page>/LoginForm.html</form-login-page>
    <form-error-page>/LoginError.html</form-error-page>
  </form-login-config>

</login-config>

<!-- SECURITY ROLES -->

<security-role>
   <description>The most secure role</description>
   <role-name>admin</role-name>
</security-role>

</web-app>


-- Rosaria



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org