tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From QM <>
Subject Re: Realms and Static pages
Date Wed, 17 Nov 2004 12:02:12 GMT
On Wed, Nov 17, 2004 at 11:34:48AM -0000, Chris Chappell wrote:
: How can I protect static pages on my Tomcat powered site with username/role +
: password information from my jdbc realm?

Use the standard roles/auth constraints in web.xml.  See the servlet
spec, or some random servlet/JSP articles/books, for details.

: I have some help pages under /MyContext/help. I cannot find how to put them
: under /MyContext/WEB-INF/help.
: Anybody help? (There's only a few static pages, so it would be overkill to run
: apache as well)

Yes: don't put them under WEB-INF unless you want to write code to serve
them yourself. =) By default, files under WEB-INF are *not* available
for standard requests (HTTP/GET, HTTP/POST, etc).  This prevents
would-be miscreants from downloading the app's code and config files.



software  --
tech news --

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message