Return-Path: Delivered-To: apmail-jakarta-tomcat-user-archive@apache.org Received: (qmail 21577 invoked from network); 17 Jun 2003 19:29:43 -0000 Received: from exchange.sun.com (192.18.33.10) by daedalus.apache.org with SMTP; 17 Jun 2003 19:29:43 -0000 Received: (qmail 22260 invoked by uid 97); 17 Jun 2003 19:32:07 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-user@nagoya.betaversion.org Received: (qmail 22253 invoked from network); 17 Jun 2003 19:32:06 -0000 Received: from daedalus.apache.org (HELO apache.org) (208.185.179.12) by nagoya.betaversion.org with SMTP; 17 Jun 2003 19:32:06 -0000 Received: (qmail 89643 invoked by uid 500); 17 Jun 2003 19:23:07 -0000 Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Users List" Reply-To: "Tomcat Users List" Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 89411 invoked from network); 17 Jun 2003 19:23:05 -0000 Received: from postoffice.georgetown.edu (HELO georgetown.edu) (141.161.1.110) by daedalus.apache.org with SMTP; 17 Jun 2003 19:23:05 -0000 Received: from mailhost.georgetown.edu (mailhost.georgetown.edu [141.161.1.103]) by georgetown.edu (8.12.9/8.12.9) with ESMTP id h5HIc9rn001466 for ; Tue, 17 Jun 2003 14:47:00 -0400 (EDT) Received: from georgetown.edu ([141.161.223.5]) (user=walkerce mech=PLAIN bits=0) by mailhost.georgetown.edu (8.12.9/8.12.9) with ESMTP id h5HIb6B5020969 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT) for ; Tue, 17 Jun 2003 14:37:08 -0400 (EDT) Message-ID: <3EEF5FD2.8C1DA723@georgetown.edu> Date: Tue, 17 Jun 2003 14:37:06 -0400 From: Carl Walker Organization: Georgetown University X-Sender: "Carl Walker" X-Mailer: Mozilla 4.78 [en]C-C-UDP; georgetownU-campus-4.7-08.06.2001 (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Tomcat Users List Subject: Re: problems with web.xml and security References: <001301c334f0$0400c2e0$930017ac@SuperTopina> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N In which way doesn't it work? Are you prohibited from viewing the files after logging in or can you see the files even if you haven't authenticated? -Carl Rosaria Silipo wrote: > Hi, > > I am trying to set up Tomcat as a secure web engine. > From the tutorial I understood that you should insert the following > lines in web.xml and the password protection should work. > > This works perfectly for files in the root directory (/*), it does not > work for files in subdirectories, like /secure/*. > > Have you have ever seen this problem before? > > Thanks for any help > > -- Rosaria > > PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" > "http://java.sun.com/dtd/web-app_2_3.dtd"> > > > ... > > > > > Secure Pages > Security constraint on all files > /* > /secure/* > POST > GET > > > > admin can login > admin > > > > SSL not required > NONE > > > > > 30 > > > > > > FORM > default > > /LoginForm.html > /LoginError.html > > > > > > > > The most secure role > admin > > > > > -- Rosaria > > --------------------------------------------------------------------- > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-user-help@jakarta.apache.org