tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From QM <qm...@brandxdev.net>
Subject Re: Realms and Static pages
Date Wed, 17 Nov 2004 12:02:12 GMT
On Wed, Nov 17, 2004 at 11:34:48AM -0000, Chris Chappell wrote:
: How can I protect static pages on my Tomcat powered site with username/role +
: password information from my jdbc realm?

Use the standard roles/auth constraints in web.xml.  See the servlet
spec, or some random servlet/JSP articles/books, for details.


: I have some help pages under /MyContext/help. I cannot find how to put them
: under /MyContext/WEB-INF/help.
: Anybody help? (There's only a few static pages, so it would be overkill to run
: apache as well)

Yes: don't put them under WEB-INF unless you want to write code to serve
them yourself. =) By default, files under WEB-INF are *not* available
for standard requests (HTTP/GET, HTTP/POST, etc).  This prevents
would-be miscreants from downloading the app's code and config files.


-QM

-- 

software  -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message