tomcat-users mailing list archives

From André Warnier
Subject Re: Configure read/write-access in TomCat
Date Wed, 18 Aug 2010 11:32:00 GMT
K A wrote:
> Hello
> I've developed a web-application in which I'd like to have some control of which resources
> are accessed by whom. My project is called "Server" in which I've got 3 directories: "/user"
> which all roles are allowed to access, "/admin" which ONLY administrators are allowed to access
> and "resources" in which I've got some files which users are allowed to read and administrators
> are allowed to both read and write.

What do you mean by "write" ?  There is nothing in tomcat itself which allows users to 
write anywhere on the server.
If it is your application which allows some users to do that, then it belongs to your 
application to check their permissions to do so.

> I'm using a FORM to login. The form action is "POST" and the action is "j_security_check",
> the username field's name is "j_username" and the password field's is "j_password".
> I've implemented a security-check in the jsp-file itself where I'm checking for the type
> of login the current user has. If the type is approved then the user is allowed to access the

That is all very nice, but mostly irrelevant. The important thing here is that your 
application would know who the user is, if it wants to control access to some functions in 
function of the user.

> But when I test the application and try to access the files in the other library then
> I've got access no matter what. This wasn't the intention.

> Can somebody please give me a detailed walkthrough on how to achieve this?

I believe that for that, you'll have to be prepared to pay someone.

To say the above in another way : in tomcat itself, there is no mechanism for allowing a 
user to upload anything and write it somewhere on the server.
So you will not find anything in the tomcat documentation which explains how to do what 
you want.

You will have to look for a separate web application which does that.
And such an application would most probably contain some form of a permissions mechanism.

One such application is DAV, which used to be included in the tomcat sample applications.
If you use the "Find Page" button in the FAQ, and enter "DAV", it shows some links which 
might help you.

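The reply's point that the application itself has to check a user's permissions, shown as an added example that is not part of the original message or of Tomcat: a servlet filter that lets the roles "user" and "admin" read and only "admin" use any other HTTP method. The class name, the `/resources/*` mapping and both role names are assumptions; the code uses the `javax.servlet` API of the Tomcat versions current at the time of the thread (Tomcat 10 and later use `jakarta.servlet`).

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter; declare it in web.xml with a <filter-mapping> for
// /resources/* so it also covers static files that a check inside a JSP
// never sees.
public class ResourceAccessFilter implements Filter {

    // Assumed role names; use the ones defined in your realm.
    private static final String ROLE_USER = "user";
    private static final String ROLE_ADMIN = "admin";

    public void init(FilterConfig config) {}

    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // GET and HEAD only read; every other method is treated as a write.
        String method = request.getMethod();
        boolean readOnly = "GET".equals(method) || "HEAD".equals(method);

        // isUserInRole() is false for a request without an authenticated
        // user, so anonymous requests are rejected below as well.
        boolean admin = request.isUserInRole(ROLE_ADMIN);
        boolean allowed = readOnly ? (admin || request.isUserInRole(ROLE_USER)) : admin;

        if (!allowed) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }
}
```

The filter only decides who may send a write request; the code that actually stores an upload still has to be provided by the application, as the reply says.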