Message-ID: <43F34CBE.1070607@oma.be>
Date: Wed, 15 Feb 2006 16:46:06 +0100
From: David Delbecq
To: Tomcat Users List
Subject: Re: password protection

Zohar Amir wrote:

> Thank you again,
> I've set a security-constraint on the context (in the web.xml), and it
> works OK now.
> What I'd like to know is:
> 1. Can I do it anywhere else other than the web.xml, so that the
> deployer can control this and not the developer?

No, but on some web application containers there is the possibility to map from application roles to real roles (e.g., the 'admin' role of app XYZ is in fact the role PublicationManager). But I am not sure Tomcat handles this.

> 2. Can I set it for a group of contexts, so that they will all be able
> to use request.getPrincipal() and have the user name that logged in?

When authenticated, request.getPrincipal() returns the authenticated principal

>
> ----- Original Message ----- From: "David Delbecq"
> To: "Tomcat Users List"
> Sent: Wednesday, February 15, 2006 3:05 PM
> Subject: Re: password protection
>
>> http://www.onjava.com/pub/a/onjava/2001/07/24/tomcat.html
>> http://www.cafesoft.com/products/cams/tomcat-security.html
>>
>> for other ones, use favorite search engine.
>>
>> Zohar Amir wrote:
>>
>>> Thanks,
>>> Where can I find info on how exactly to do this? maybe an example...?
>>> ----- Original Message ----- From: "David Delbecq"
>>> To: "Tomcat Users List"
>>> Sent: Wednesday, February 15, 2006 2:52 PM
>>> Subject: Re: password protection
>>>
>>>> Zohar Amir wrote:
>>>>
>>>>> Hello,
>>>>> I'm using tomcat 5.5.15 on Win XP.
>>>>> I have a servlet that is deployed on a certain context. I would like
>>>>> anyone trying to use that servlet use a username-password. how do
>>>>> I do this?
>>>>
>>>> set a security-constraint in WEB-INF/web.xml
>>>>
>>>>> What if I need to protect a jsp that is part of the servlet?
>>>>
>>>> You mean to prevent direct loading of a jsp included by your servlet?
>>>> Same thing, add a security-constraint to the url of your jsp.
>>>>
>>>>> Thanks,
>>>>> Zohar.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
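
The setup discussed in this thread, as an added example that is not part of the original messages: a `WEB-INF/web.xml` for a Servlet 2.4 container such as Tomcat 5.5 that protects a servlet and blocks direct loading of the JSPs it includes. The servlet class, URL patterns, role name and realm name are assumed placeholders.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">
  <!-- Constructed example: servlet name, class and URLs are placeholders. -->
  <servlet>
    <servlet-name>report</servlet-name>
    <servlet-class>com.example.ReportServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>report</servlet-name>
    <url-pattern>/report/*</url-pattern>
  </servlet-mapping>

  <!-- Require a logged-in user in role "appuser"; no http-method listed, so every method is covered. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Report servlet</web-resource-name>
      <url-pattern>/report/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>appuser</role-name>
    </auth-constraint>
    <!-- BASIC credentials are only base64-encoded, so force TLS (needs an HTTPS connector). -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Empty auth-constraint = no role may request these URLs directly.
       Constraints are not applied to RequestDispatcher include/forward, so the servlet can still use the JSPs. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Included JSPs</web-resource-name>
      <url-pattern>/fragments/*</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Report application</realm-name>
  </login-config>
  <security-role>
    <role-name>appuser</role-name>
  </security-role>
</web-app>
```

User names, passwords and role membership are not in this file; they come from the Realm configured on the Tomcat side (by default `conf/tomcat-users.xml`). In the Servlet API the logged-in user is read with `HttpServletRequest.getUserPrincipal()` or `getRemoteUser()`.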