tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Delbecq <de...@oma.be>
Subject Re: password protection
Date Wed, 15 Feb 2006 15:46:06 GMT
Zohar Amir a écrit :

> Thank you again,
> I've set a security-constraint on the context (in the web.xml), and it
> works OK now.
> What I'd like to know is:
> 1. Can I do it anywhere else other than the web.xml, so that the
> deployer can control this and not the developer?

No, but on some webapplication container there is the possibility to map
from application roles to real roles (eg, the 'admin' role of app XYZ is
in fact the role PublicationManager). But am not sure tomcat handles this.

> 2. Can I set it for a group of contexts, so that they will all be able
> to use request.getPricipal() and have the user name that logged in?

When authenticated, request.getPrincipal() returns the authenticated
principal

>
>
> ----- Original Message ----- From: "David Delbecq" <delbd@oma.be>
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Sent: Wednesday, February 15, 2006 3:05 PM
> Subject: Re: password protection
>
>
>> http://www.onjava.com/pub/a/onjava/2001/07/24/tomcat.html
>> http://www.cafesoft.com/products/cams/tomcat-security.html
>>
>> for other ones, use favorite search engine.
>>
>> Zohar Amir a écrit :
>>
>>> Thanks,
>>> Where can I find info on how exactly to do this? maybe an example...?
>>> ----- Original Message ----- From: "David Delbecq" <delbd@oma.be>
>>> To: "Tomcat Users List" <users@tomcat.apache.org>
>>> Sent: Wednesday, February 15, 2006 2:52 PM
>>> Subject: Re: password protection
>>>
>>>
>>>> Zohar Amir a écrit :
>>>>
>>>>> Hello,
>>>>> I'm using tomcat 5.5.15 on Win XP.
>>>>> I have a servlet that is deployed on a certain context. I would like
>>>>> anyone trying to use that servlet use a username-password. how do
>>>>> I do
>>>>> this?
>>>>
>>>>
>>>>
>>>> set a security-constrain in WEB-INF/web.xml
>>>>
>>>>> What if I need to protect a jsp that is part of the servlet?
>>>>
>>>>
>>>>
>>>> You mean to prevent direct loading of a jsp included by your servlet?
>>>> Same thing, add a security-constraint to the url of your jsp.
>>>>
>>>>> Thanks,
>>>>> Zohar.
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message