tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: How to secure a folder?
Date Wed, 01 Feb 2006 20:54:05 GMT
Fran├žois wrote:
> I've successfully implemented this type of authentication for jsp files 
> (using <url-pattern>/path/to/my/folder/*</url-pattern>), but any other 
> type of ressources, and in particular .txt type of files, are not 
> protected at all. 

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Test</web-resource-name>
      <url-pattern>/test/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>

Works for me. I added /test/test.txt and was prompted for my credentials.

Note you will only get promted for a password once. The browser then
caches it and sends it with all subsequent requests to that host until
upi close the browser.

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message