tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Gross <cogr...@gmail.com>
Subject Re: Configuring Embedded Tomcat
Date Mon, 10 Jan 2011 20:47:42 GMT
I figured it out -- I just needed to put the one application that I wanted
to be secure in the security-constraint section, then let the other ones not
require authentication.

-- Chris


On Mon, Jan 10, 2011 at 2:41 PM, Christopher Gross <cogross@gmail.com>wrote:

> That did it!  Thanks Mark & Pid.
>
> Now to make it more complicated -- in order to have another page without
> that restriction, would I need to make a whole new webapp, or can I turn
> down the security for a specific page?
>
> Thanks!
>
> -- Chris
>
>
>
> On Mon, Jan 10, 2011 at 2:18 PM, Pid <pid@pidster.com> wrote:
>
>> On 1/10/11 6:58 PM, Christopher Gross wrote:
>> > Borrowing from another web.xml (solr's), I added this to my web.xml:
>> >
>> >   <resource-env-ref>
>> >     <description>
>> >       Link to the UserDatabase instance from which we request lists of
>> >       defined role names.  Typically, this will be connected to the
>> global
>> >       user database with a ResourceLink element in server.xml or the
>> context
>> >       configuration file for the Manager web application.
>> >     </description>
>> >     <resource-env-ref-name>users</resource-env-ref-name>
>> >     <resource-env-ref-type>
>> >       org.apache.catalina.UserDatabase
>> >     </resource-env-ref-type>
>> >   </resource-env-ref>
>> >
>> >   <security-constraint>
>> >     <web-resource-collection>
>> >       <web-resource-name>Monitor</web-resource-name>
>> >       <url-pattern>/Monitor/*</url-pattern>
>> >       <http-method>GET</http-method>
>> >       <http-method>POST</http-method>
>> >     </web-resource-collection>
>> >     <auth-constraint>
>> >       <role-name>admin</role-name>
>> >     </auth-constraint>
>> >   </security-constraint>
>> >
>> >   <!-- Define the Login Configuration for this Application -->
>> >   <login-config>
>> >     <auth-method>BASIC</auth-method>
>> >     <realm>UserDatabase</realm>
>> >   </login-config>
>> >
>> >   <security-role>
>> >    <role-name>admin</role-name>
>> >   </security-role>
>> >
>> > But I'm still getting through without having to authenticate.  Is there
>> > something that I'm missing, or am I going about this all wrong?
>>
>> If 'Monitor' is the name of your Context/webapp, the above means:
>>
>>  /Monitor/Monitor/*
>>
>> Try:
>>
>>  <url-pattern>/*</url-pattern>
>>
>> instead.
>>
>>
>> p
>>
>> >
>> > Thanks!
>> >
>> > -- Chris
>> >
>> >
>> > On Mon, Jan 10, 2011 at 1:45 PM, Mark Thomas <markt@apache.org> wrote:
>> >
>> >> On 10/01/2011 18:43, Christopher Gross wrote:
>> >>> I added the security role:
>> >>>         MemoryRealm mr = new MemoryRealm();
>> >>>         mr.setPathname(path + "/conf/tomcat-users.xml");
>> >>>         Context sp = embedded.createContext("/Monitor", path +
>> >>> "/webapps/monitor");
>> >>>         sp.setRealm(mr);
>> >>>         sp.addSecurityRole("admin");
>> >>>         host.addChild(sp);
>> >>>
>> >>> Is there anything else that I need to do for the Context?
>> >>
>> >> You need to set up some security constraints in web.xml
>> >>
>> >> Mark
>> >>
>> >>>
>> >>> -- Chris
>> >>>
>> >>>
>> >>> On Mon, Jan 10, 2011 at 1:37 PM, Mark Thomas <markt@apache.org>
>> wrote:
>> >>>
>> >>>> On 10/01/2011 18:16, Christopher Gross wrote:
>> >>>>> I created a MemoryRealm object, pointed it to my tomcat-users.xml
>> file,
>> >>>>> added that realm to the embedded (no luck) and to the specific
>> context
>> >>>> (no
>> >>>>> luck either).  For both, it just plain loads the page -- doesn't
ask
>> me
>> >>>> to
>> >>>>> do any type of logging in.
>> >>>>>
>> >>>>> Are you just using your own experience to help me, or are you
aware
>> of
>> >>>> any
>> >>>>> documentation that I could peruse, instead of lobbing questions
at
>> you
>> >> a
>> >>>> few
>> >>>>> times a day? :)
>> >>>>
>> >>>> Have you configured your app to require authentication? IF not the
>> realm
>> >>>> will never be used.
>> >>>>
>> >>>> Mark
>> >>>>
>> >>>>>
>> >>>>> -- Chris
>> >>>>>
>> >>>>>
>> >>>>> On Mon, Jan 10, 2011 at 12:48 PM, Pid <pid@pidster.com>
wrote:
>> >>>>>
>> >>>>>> Can you not create a org.apache.catalina.realms.MemoryRealm
and set
>> >> the
>> >>>>>> path to the xml file?
>> >>>>>>
>> >>>>>>
>> >>>>>> p
>> >>>>>>
>> >>>>>>
>> >>>>>
>> >>>>
>> >>>>
>> >>>> ---------------------------------------------------------------------
>> >>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> >>>> For additional commands, e-mail: users-help@tomcat.apache.org
>> >>>>
>> >>>>
>> >>>
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> >> For additional commands, e-mail: users-help@tomcat.apache.org
>> >>
>> >>
>> >
>>
>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message