tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Keith Masten <spmdt...@gmail.com>
Subject Re: Securing A Directory Listing
Date Thu, 21 Oct 2010 18:23:42 GMT
login dialog is presented, but no matter what Id/pw I provide I cannot
login.
Here is the web.xml that I am using and the tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="vsn-offsh"/>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="bob" password="9f9d51bc70ef21ca5c14f307980a29d8"
roles="vsn-offsh"/>
  <user username="admin" password="fc5e038d38a57032085441e7fe7010b0"
roles="admin,manager"/>
</tomcat-users>

<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
  <display-name>Vision Application Logs</display-name>
<!-- Define a Security Constraint on this Application -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>applogs</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>vsn-offsh</role-name>
  </auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>DIGEST</auth-method>
  <realm-name>applogs</realm-name>
</login-config>
<!-- Security roles referenced by this Web application -->
<security-role>
  <role-name>vsn-offsh</role-name>
</security-role>
</web-app>




On Thu, Oct 21, 2010 at 9:43 AM, Keith Masten <spmdtech@gmail.com> wrote:

> I made the change Chuck suggested and it now prompts me for userid/pw.  I
> now have to setup the proper user access to make the setup complete.
>
>
> On Thu, Oct 21, 2010 at 9:34 AM, Keith Masten <spmdtech@gmail.com> wrote:
>
>> Thank you for pointing that out Chuck, I will make that adjustment.
>>
>>
>> On Thu, Oct 21, 2010 at 9:16 AM, Caldarale, Charles R <
>> Chuck.Caldarale@unisys.com> wrote:
>>
>>> > From: Keith Masten [mailto:spmdtech@gmail.com]
>>> > Subject: Re: Securing A Directory Listing
>>>
>>> > This does not work.
>>>
>>> Be more specific.
>>>
>>> >     <url-pattern>/applogs/*</url-pattern>
>>>
>>> I suspect you erroneously included the path to the webapp in the above.
>>>  I you specify just "/*", the entire webapp will be protected; what you have
>>> protects only /applogs underneath the webapp.
>>>
>>>  - Chuck
>>>
>>>
>>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>>> MATERIAL and is thus for use only by the intended recipient. If you received
>>> this in error, please contact the sender and delete the e-mail and its
>>> attachments from all computers.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message