tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: Declarative security in context?
Date Sat, 20 Nov 2004 22:30:58 GMT

"Simon Tardell" <> wrote in message
> Wendy Smoak wrote:
>>From: "Simon Tardell" <>
>>>I want to deploy multiple instances of the same webapp, with different
>>>authorization rules. However, declarative security is done in the
>>>web.xml of which there will only be one copy (referred by multiple
>>I'm confused by why you say there's only one copy of web.xml.  In addition
>>to the global web.xml, I also have one for each context.  Is there a 
>>why you can't do whatever you're trying to do in the web.xml that lives in
>>.../webapps/yourContext/WEB-INF/ ?
> I was confused too. I was under (the wrong) impression that the
> war-files were not expanded. They are (but only if unpackWARs is true
> for the host) . So, assuming unpackWARs is true, after deploying, I can
> edit the web.xml. However this bothers me because of three reasons: 1/
> It is not persistent. If I upgrade the web app, the old web.xml is
> replaced, along with the rest of the old version of the web app
> (correct?). This is a problem if we are talking security constraints. 2/
> There is a time window during which a web app is open until I have
> edited the web.xml (assuming that the default of the web app is to have
> no constraints). 3/ In the scenario where more than one webapp make upp
> a website security constraints have to be specified in more than one
> place. It'd be handy to be able to specify at the host level that all
> URLs hierarchically under /foo/bar are protected this way and all under
> /baz some other way regardless of how many webapps that are mounted
> under each namespace.
> So, to rephrase my question, how would I go about specifying security
> constraints on the host level from the outside of any webapp? It is
> probably easier than I think.

With TC 5.5, you can put them in $CATALINA_HOME/conf/<host>/web.xml.default.

> Simon
> Simon Tardell,, +46 70 3198319

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message