Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Received-SPF: pass (nike.apache.org: domain of cogross@gmail.com designates
 74.125.82.43 as permitted sender)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :content-type;
        b=aKpuvjiaqFtocw/cLgpMy8QhEsKcTnOa2172IQVOgv9mPOC2aVd8bRbQiHUIpicwGt
         TmBLW/6d+oaZz8+ay/azgKlOzggHEJf7mQQkZcH+jKNmpOlxUzGn+N2FiQx+36pvV04i
         gaqRAiX07VndtcUkCSuKzErIRMUueieS5Ziro=
MIME-Version: 1.0
In-Reply-To: <4D2B5B9F.4090308@pidster.com>
References: <AANLkTi=+qXasiq4hpmJ7sQozE6UzSQCTHt5Gj7eg_XXW@mail.gmail.com>
 <4D277DC7.4090909@pidster.com>
 <AANLkTint-Vd8y+ZvOzKRG7xa+cF-1Eis6CP2DHFeH1xr@mail.gmail.com>
 <4D279702.4010705@pidster.com>
 <AANLkTin8+cZB7G0LZZR_Htz79WDCCa23x05THKSWxbhA@mail.gmail.com>
 <4D2B404C.4030906@pidster.com>
 <AANLkTi=pV43huhB+N6drMNhLk3p=R7snib-Y5wQXZHvV@mail.gmail.com>
 <4D2B4650.3050505@pidster.com>
 <AANLkTimp-KATPcwW_kJ3KELVqj_y4QRA+KxozHMVsa0W@mail.gmail.com>
 <4D2B5205.60201@apache.org>
 <AANLkTi=T=G6nH3ag7VgrQGXAA_N3jsrgS1vzBwTbjNZ6@mail.gmail.com>
 <4D2B53C5.9030108@apache.org>
 <AANLkTinBGG6pCLdq6bw-vJq_WpKz-0iB=roY-C4t3RJo@mail.gmail.com>
 <4D2B5B9F.4090308@pidster.com>
From: Christopher Gross <cogross@gmail.com>
Date: Mon, 10 Jan 2011 14:41:19 -0500
Message-ID: <AANLkTik2Yd04XRM90mjYk3pasyD6RGjYMuJPVPWOq-Qy@mail.gmail.com>
Subject: Re: Configuring Embedded Tomcat
To: Tomcat Users List <users@tomcat.apache.org>
Content-Type: multipart/alternative; boundary=001485f454181b757904998328e1

--001485f454181b757904998328e1
Content-Type: text/plain; charset=ISO-8859-1

That did it!  Thanks Mark & Pid.

Now to make it more complicated -- in order to have another page without
that restriction, would I need to make a whole new webapp, or can I turn
down the security for a specific page?

Thanks!

-- Chris


On Mon, Jan 10, 2011 at 2:18 PM, Pid <pid@pidster.com> wrote:

> On 1/10/11 6:58 PM, Christopher Gross wrote:
> > Borrowing from another web.xml (solr's), I added this to my web.xml:
> >
> >   <resource-env-ref>
> >     <description>
> >       Link to the UserDatabase instance from which we request lists of
> >       defined role names.  Typically, this will be connected to the
> global
> >       user database with a ResourceLink element in server.xml or the
> context
> >       configuration file for the Manager web application.
> >     </description>
> >     <resource-env-ref-name>users</resource-env-ref-name>
> >     <resource-env-ref-type>
> >       org.apache.catalina.UserDatabase
> >     </resource-env-ref-type>
> >   </resource-env-ref>
> >
> >   <security-constraint>
> >     <web-resource-collection>
> >       <web-resource-name>Monitor</web-resource-name>
> >       <url-pattern>/Monitor/*</url-pattern>
> >       <http-method>GET</http-method>
> >       <http-method>POST</http-method>
> >     </web-resource-collection>
> >     <auth-constraint>
> >       <role-name>admin</role-name>
> >     </auth-constraint>
> >   </security-constraint>
> >
> >   <!-- Define the Login Configuration for this Application -->
> >   <login-config>
> >     <auth-method>BASIC</auth-method>
> >     <realm>UserDatabase</realm>
> >   </login-config>
> >
> >   <security-role>
> >    <role-name>admin</role-name>
> >   </security-role>
> >
> > But I'm still getting through without having to authenticate.  Is there
> > something that I'm missing, or am I going about this all wrong?
>
> If 'Monitor' is the name of your Context/webapp, the above means:
>
>  /Monitor/Monitor/*
>
> Try:
>
>  <url-pattern>/*</url-pattern>
>
> instead.
>
>
> p
>
> >
> > Thanks!
> >
> > -- Chris
> >
> >
> > On Mon, Jan 10, 2011 at 1:45 PM, Mark Thomas <markt@apache.org> wrote:
> >
> >> On 10/01/2011 18:43, Christopher Gross wrote:
> >>> I added the security role:
> >>>         MemoryRealm mr = new MemoryRealm();
> >>>         mr.setPathname(path + "/conf/tomcat-users.xml");
> >>>         Context sp = embedded.createContext("/Monitor", path +
> >>> "/webapps/monitor");
> >>>         sp.setRealm(mr);
> >>>         sp.addSecurityRole("admin");
> >>>         host.addChild(sp);
> >>>
> >>> Is there anything else that I need to do for the Context?
> >>
> >> You need to set up some security constraints in web.xml
> >>
> >> Mark
> >>
> >>>
> >>> -- Chris
> >>>
> >>>
> >>> On Mon, Jan 10, 2011 at 1:37 PM, Mark Thomas <markt@apache.org> wrote:
> >>>
> >>>> On 10/01/2011 18:16, Christopher Gross wrote:
> >>>>> I created a MemoryRealm object, pointed it to my tomcat-users.xml
> file,
> >>>>> added that realm to the embedded (no luck) and to the specific
> context
> >>>> (no
> >>>>> luck either).  For both, it just plain loads the page -- doesn't ask
> me
> >>>> to
> >>>>> do any type of logging in.
> >>>>>
> >>>>> Are you just using your own experience to help me, or are you aware
> of
> >>>> any
> >>>>> documentation that I could peruse, instead of lobbing questions at
> you
> >> a
> >>>> few
> >>>>> times a day? :)
> >>>>
> >>>> Have you configured your app to require authentication? IF not the
> realm
> >>>> will never be used.
> >>>>
> >>>> Mark
> >>>>
> >>>>>
> >>>>> -- Chris
> >>>>>
> >>>>>
> >>>>> On Mon, Jan 10, 2011 at 12:48 PM, Pid <pid@pidster.com> wrote:
> >>>>>
> >>>>>> Can you not create a org.apache.catalina.realms.MemoryRealm and set
> >> the
> >>>>>> path to the xml file?
> >>>>>>
> >>>>>>
> >>>>>> p
> >>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>
> >>>>
> >>>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> >
>
>

--001485f454181b757904998328e1--