tomcat-users mailing list archives

From "Parsons Technical Services" <>
Subject Re: basic security tutorial
Date Fri, 03 Dec 2004 01:32:20 GMT
Is a start, but doesn't give a how to.
From the web.xml for the examples, with added comments.

<!--Starts the section. Located after jsp-config near end of file-->
 <!--A description for identification by you. In real world might be Salesmen Area. Or Admin Only-->
     <display-name>Example Security Constraint</display-name>
         <web-resource-name>Protected Area</web-resource-name>
         <!-- Define the context-relative URL(s) to be protected (* may only be used at end of string)-->
         <!--Follows file structure in the app. If you need different areas for different people, place in peer folders.-->
         <!-- If you list http methods, only those methods are protected -->
         <!-- Anyone with one of the listed roles may access this area -->

If you had another area to protect and its location was in /security/safe 
then create another complete security-constraint and use /security/safe/* as 
the url-pattern. Then define the role-name for this area for example:


This allows a user of role tomcat to access both areas but only role2 can 
get pages from safe.

Then define the roles.
    <!-- Security roles referenced by this web application -->

Now where Tomcat goes to look up the user/password to determine the role 
depends on the method you choose as discussed in the link.

If I have foobarred something, hopefully someone will be nice and correct me.


----- Original Message ----- 
From: "Jeff Ousley" <>
To: <>
Sent: Thursday, December 02, 2004 3:24 PM
Subject: basic security tutorial

> hello!
> does anyone know if there's a tutorial or reference on how to set up
> basic security using tomcat (5.5)? i'd like to get a better
> understanding of how to secure particular pages in a webapp.
> thanks!
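The reply above notes that a constraint which lists http methods protects only those methods. The following is an added example, not part of the original message or of the Tomcat examples: a small Python check that reads a constructed web.xml fragment and reports which roles a request needs. The `/security/protected/*` path and the role-to-area mapping are assumptions, and the fragment omits the XML namespace a real web.xml declares.

```python
import xml.etree.ElementTree as ET
# Constructed web.xml fragment (not the poster's file). The first url-pattern
# and the role assigned to each area are assumptions for illustration.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/security/protected/*</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>tomcat</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Safe Area</web-resource-name>
      <url-pattern>/security/safe/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>role2</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>tomcat</role-name></security-role>
  <security-role><role-name>role2</role-name></security-role>
</web-app>"""

def load_constraints(xml_text):
    """Return one (patterns, methods, roles) tuple per security-constraint."""
    out = []
    for sc in ET.fromstring(xml_text).iter("security-constraint"):
        patterns = [e.text.strip() for e in sc.iter("url-pattern")]
        methods = {e.text.strip().upper() for e in sc.iter("http-method")}
        roles = {e.text.strip() for e in sc.iter("role-name")}
        out.append((patterns, methods, roles))
    return out

def matches(pattern, path):
    """Path-prefix match for '/dir/*' patterns, exact match otherwise."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    return path == pattern

def required_roles(constraints, method, path):
    """Roles needed for the request, or None if no constraint covers it.
    Simplified: first match wins, so patterns are assumed not to overlap."""
    for patterns, methods, roles in constraints:
        covered = not methods or method.upper() in methods
        if covered and any(matches(p, path) for p in patterns):
            return roles
    return None

def method_gaps(constraints):
    """Constraints that list http-methods; unlisted methods are unprotected."""
    return [(p, sorted(m)) for p, m, _ in constraints if m]
```

Here `required_roles` returns `None` for a PUT to the first area because that constraint lists only GET and POST, while the second area, which lists no methods, is covered for every method.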