tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jim Henderson" <...@metafile.com>
Subject RE: Override WAR file security settings.
Date Tue, 23 Aug 2005 14:51:45 GMT
By the lack of response to my question, I take it that it is not possible to
override the following web.xml settings by redefining them in Tomcat’s
server.xml ????

	<security-constraint>
	<login-config>
	<security-role>

Any changes to those values must be made after the application has been
deployed by editing the deployed web.xml.  Is that correct?  There is now
way to override then as can be done with Environment values?

Can someone confirm this or have I just missed something in the Tomcat
documentation?

Thanks....

-----Original Message-----
From: Jim Henderson [mailto:jgh@metafile.com]
Sent: Monday, August 22, 2005 3:13 PM
To: tomcat-user@jakarta.apache.org
Subject: Override WAR file security settings.


I am working on a web application that can be used in two ways at the same
time depending on its URL.  The original WAR file has a web.xml that defines
tight security requiring form authentication with id and password.

In Tomcat’s server.xml I have two Contexts with different paths but to the
same docBase.  I can override various Resource and Environment settings
differently for each Context.  However, the war file by default defines
(among many other things):

	<security-constraint>
	<login-config>
	<security-role>

In one of the server.xml context definitions, I want to undefine the above
items (so the application just asks for the user ID).  Is that possible?  Or
is there some other way to neutralize them in the server.xml file?  The
application works as desired if I edit the deployed application’s web.XML
(located in webapps/… directory after Tomcat deploys the war file) and
completely remove the above settings.

The other mode (Context) requires the use of the above items and that works
OK.

Hope the above makes sense or have I abbreviated the description too much?

Thanks,
Jim



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message