tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From K A <k_k_ander...@hotmail.com>
Subject RE: Configure read/write-access in TomCat
Date Wed, 18 Aug 2010 11:16:53 GMT

In /tomcat/Webapps/Projectname/web-inf:

I have inserted this part:
....



</resource-ref>
- <!--inserted from her  -->

 

- <security-constraint>


- <web-resource-collection>


  <web-resource-name>user open part</web-resource-name> 

  <url-pattern>/Server/user/*</url-pattern> 

  </web-resource-collection>

- <auth-constraint>


  <role-name>user</role-name> 

  <role-name>admin</role-name> 
  </auth-constraint>
  </security-constraint>

- <security-constraint>


- <web-resource-collection>


  <web-resource-name>admin closed part</web-resource-name> 

  <url-pattern>/Server/admin/*</url-pattern> 

  </web-resource-collection>

- <auth-constraint>


  <role-name>admin</role-name> 
  </auth-constraint>
  </security-constraint>

- <login-config>


  <auth-method>FORM</auth-method> 

- <form-login-config>


  <form-login-page>/Server/index.jsp</form-login-page> 

  <form-error-page>/Server/index.jsp</form-error-page> 
  </form-login-config>
  </login-config>

- <security-role>


  <role-name>admin</role-name> 

  <role-name>user</role-name> 
  </security-role>
- <!--inserted to here  -->

 

- <servlet>
...


In /tomcat/Conf/web.xml:



I have inserted this part:
.................


<!--inserted from here-->

      <security-constraint>

            <web-resource-collection>

                  <web-resource-name>user
open part</web-resource-name>

                  <url-pattern>/Server/user/*</url-pattern>

            </web-resource-collection>

            <auth-constraint>

                  <role-name>user</role-name>

                  <role-name>admin</role-name>

            </auth-constraint>

      </security-constraint>

      <security-constraint>

            <web-resource-collection>

                  <web-resource-name>admin
closed part</web-resource-name>

                  <url-pattern>/Server/admin/*</url-pattern>

            </web-resource-collection>

            <auth-constraint>

                  <role-name>admin</role-name>

            </auth-constraint>

      </security-constraint>

      <login-config>

            <auth-method>FORM</auth-method>

            <form-login-config>

                  <form-login-page>/Server/index.jsp</form-login-page>

                  <form-error-page>/Server/index.jsp</form-error-page>

            </form-login-config>

      </login-config>

      <security-role>

            <role-name>admin</role-name>

            <role-name>user</role-name>

      </security-role>

<!--inserted to here-->



    <servlet>

       
<servlet-name>default</servlet-name>

       
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>

        <init-param>

......



> Date: Wed, 18 Aug 2010 12:00:39 +0100
> From: pid@pidster.com
> To: users@tomcat.apache.org
> Subject: Re: Configure read/write-access in TomCat
> 
> On 18/08/2010 10:44, K A wrote:
> > 
> > Hello
> > 
> > I've developed a web-application in which I'd like to have some control of which
resources are accessed by whom. My project is called "Server" in which I've got 3 directories:
"/user" which all roles are allowed to access, "/admin" which ONLY administrators are allowed
to access and "resources" in which I've got some files which users are allowed to read and
administrators are allowed to both read and write.
> > 
> > I'm using a FORM to login. The form action is "POST" and the action is "j_security_check",
the username field's name is "j_username" and the password field's is "j_password".
> > I've implemented a security-check in the jsp-file itself where I'm checking for
the type of login the current user has. If the type is aproved then the user is allowed to
access the page.
> > 
> > But when I test the application and try to access the files in the other library
then I've got access no matter what. This wasn't the intension. 
> > 
> > I've tried to follow several tutorials online but no matter what I can't get it
to work ouf the right way.
> > 
> > I've tried to configure the web.xml manually but it doesn't work. I've tried to
use the "manager" through the browser but that doesn't seem to deliver the possibility to
setup those restriction.
> 
> What have you tried?
> 
> 
> > Can somebody please give me a detailed walkthrough on how to achieve this?
> > 
> > I'm using TomCat 6.0, JVM 1.5.0_20 SUN and Windows XP 5.1.Thankyou very much in
advance!
> 
> Why do people think it's called 'TomCat'?  It's *Tomcat*.
> 
> 
> p
> 
> 
> > Best regards,
> > Kenneth Andersen
> > k_k_andersen@hotmail.com
> >  		 	   		  
> 
 		 	   		  
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message