tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Chappell" <chr...@dive100.freeserve.co.uk>
Subject Re: Realms and Static pages
Date Wed, 17 Nov 2004 13:25:27 GMT
Thanks QM but I' still not sure what to do!

In my web.xml I have for example  (standard stuff!)

<servlet>
<servlet-name>Config</servlet-name>
<servlet-class>org.myorg.config.Config</servlet-class>
</servlet>

with a mapping and security contraint.

I have searched throught the web.xml options below and cannot work out which one for static
html pages.

Or do you you use servlet like
 
<servlet>
<servlet-name>HelpPage</servlet-name>
<servlet-class>/HelpPage.html</servlet-class>
</servlet>

with  forward slash to show root context folder. I've serached high and low on the net - all
the examples (and in the TC examples) don't restrict static pages.
I'm sure its easy when you know how, but .... :-)  


<!--
"(icon?,display-name?,description?,distributable?,context-param*,filter*,filter-
mapping*,listener*,servlet*,servlet-mapping*,session-config?,mime-mapping*,welco
me-file-list?,error-page*,taglib*,resource-env-ref*,resource-ref*,security-const
raint*,login-config?,security-role*,env-entry*,ejb-ref*,ejb-local-ref*)".
-->


Chris Chappell

----- Original Message ----- 
From: "QM" <qm300@brandxdev.net>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Sent: Wednesday, November 17, 2004 12:02 PM
Subject: Re: Realms and Static pages


> On Wed, Nov 17, 2004 at 11:34:48AM -0000, Chris Chappell wrote:
> : How can I protect static pages on my Tomcat powered site with username/role +
> : password information from my jdbc realm?
> 
> Use the standard roles/auth constraints in web.xml.  See the servlet
> spec, or some random servlet/JSP articles/books, for details.
> 
> 
> : I have some help pages under /MyContext/help. I cannot find how to put them
> : under /MyContext/WEB-INF/help.
> : Anybody help? (There's only a few static pages, so it would be overkill to run
> : apache as well)
> 
> Yes: don't put them under WEB-INF unless you want to write code to serve
> them yourself. =) By default, files under WEB-INF are *not* available
> for standard requests (HTTP/GET, HTTP/POST, etc).  This prevents
> would-be miscreants from downloading the app's code and config files.
> 
> 
> -QM
> 
> -- 
> 
> software  -- http://www.brandxdev.net
> tech news -- http://www.RoarNetworX.com
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message