tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Simon Tardell <si...@tardell.se>
Subject Re: Declarative security in context?
Date Sat, 20 Nov 2004 17:38:53 GMT
Wendy Smoak wrote:

>From: "Simon Tardell" <simon@tardell.se>
>  
>
>>I want to deploy multiple instances of the same webapp, with different
>>authorization rules. However, declarative security is done in the
>>web.xml of which there will only be one copy (referred by multiple
>>contexts).
>>    
>>
>
>I'm confused by why you say there's only one copy of web.xml.  In addition
>to the global web.xml, I also have one for each context.  Is there a reason
>why you can't do whatever you're trying to do in the web.xml that lives in
>.../webapps/yourContext/WEB-INF/ ?
>  
>
I was confused too. I was under (the wrong) impression that the 
war-files were not expanded. They are (but only if unpackWARs is true 
for the host) . So, assuming unpackWARs is true, after deploying, I can 
edit the web.xml. However this bothers me because of three reasons: 1/ 
It is not persistent. If I upgrade the web app, the old web.xml is 
replaced, along with the rest of the old version of the web app 
(correct?). This is a problem if we are talking security constraints. 2/ 
There is a time window during which a web app is open until I have 
edited the web.xml (assuming that the default of the web app is to have 
no constraints). 3/ In the scenario where more than one webapp make upp 
a website security constraints have to be specified in more than one 
place. It'd be handy to be able to specify at the host level that all 
URLs hierarchically under /foo/bar are protected this way and all under 
/baz some other way regardless of how many webapps that are mounted 
under each namespace.

So, to rephrase my question, how would I go about specifying security 
constraints on the host level from the outside of any webapp? It is 
probably easier than I think.

Simon

Simon Tardell, simon@tardell.se, +46 70 3198319

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message