tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rashmi Rubdi <>
Subject Re: How to password protect a directory?
Date Tue, 05 Dec 2006 15:54:35 GMT
With Tomcat you can also use a URL Rewrite Filter to transparently (HTTP 200) redirect requests
to the protected folder 
to a HTTP 403 status or a password required page.

But I can't gurantee if URL Rewriting makes the directory fully secure.

----- Original Message ----
From: David Delbecq <>
To: Tomcat Users List <>
Sent: Tuesday, December 5, 2006 5:58:53 AM
Subject: Re: How to password protect a directory?

Mikolaj Rydzewski a écrit :
> Hi,
> I have several directories mapped to my Tomcat instance with
> context.xml like this:
> <?xml version="1.0" encoding="ISO-8859-2"?>
> <Context
>        cookies="false"
>        docBase="/home/stats/some_dir"
>        path="/stats"
> />
> There're only html files there. No JSP, servlets, and of course no
> WEB-INF. How can I password protect those directories (or webapps)? Do
> I have to create appropriate WEB-INF/web.xml and security constraints?
> Or is there any simpler solution?
Only static resources? Yes, there is a simpler solution, don't use
tomcat, use an apache web server and a .htaccess file.

If you really need tomcat, yes, a web.xml is highly recommanded then.

Cheap talk?
Check out Yahoo! Messenger's low PC-to-Phone call rates.

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message