tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Rohde <...@ordix.de>
Subject Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?
Date Fri, 27 Jan 2012 14:17:21 GMT


Am 27.01.2012 15:07, schrieb Luciano Andress Martini:
> I really want to block a directory like
> /webapps/temporarios/upload_contracheque
>
> Yes is the first option but withou moving the directory outside
> tomcat, because im not the developer of the system, and i just put
> this system on the server.... and i really need to simple block this
> directory...=//
>
> I need to block this, in the similar way that i do in apache...
> /var/lib/tomcat6/webapps/temporarios/upload_contracheque

Okay, it seems that your directory doesn't point to a web application 
but rather to a sub directory of a web application. If so you can put 
the rules into the web.xml file of the application.

Use a security constraint to handle this:

<security-constraint>
<web-resource-collection>
<web-resource-name>Upload directory</web-resource-name>
<url-pattern>/upload_contracheque/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>uploaduser</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>upload</realm-name>
</login-config>
<security-role>
<role-name>uploaduser</role-name>
</security-role>

Now only authenticated users with the role "uploaduser" can access the 
directory.

Thomas


>
>
> I really cant move this outside this directory.
>
> Thank you.
>
>
> 2012/1/27, André Warnier<aw@ice-sa.com>:
>> Luciano Andress Martini wrote:
>>> I need to do this in tomcat6:
>>> Apache2 form:
>>> <Directory /var/www/temporarios/upload_contracheque>
>>>                  Order allow,deny
>>>                  deny from all
>>> </Directory>
>>>
>>
>> I think that you are again not very clear, but I will try to guess.
>>
>> There is no direct equivalent of the above in Tomcat, because Tomcat works
>> on the base of
>> "context" rather than "disk directory".
>> (For an Apache2 equivalent, think<Location>  instead of<Directory>).
>>
>> So to re-phrase your question :
>> You have a directory in Tomcat, like (tomcat_dir)/webapps/mywebapp/X , and
>> you want to
>> prevent (all) web users from accessing the content of that sub-directory X.
>> Yes ?
>>
>> If yes, then the best way of achieving this is probably to have this
>> directory be outside
>> of the Tomcat /webapps/ space (better even, totally outside the Tomcat
>> directory tree).
>> If you need to access it from Apache2, then you can always use an Alias in
>> Apache2.
>> E.g.
>>
>> /var/www/site1/docs/  = Apache2 DocumentRoot
>>
>> /var/www/tomcat/webapps/ = Tomcat webapps dir
>>
>> /var/www/temporarios/upload = directory where the files are uploaded
>>
>> In Apache2 :
>>
>> Alias /temporarios/ /var/www/temporarios/
>> <Directory /var/www/temporarios>
>>     .....  (Allow/deny and other things) ...
>> </Directory>
>>
>> In Tomcat : nothing  (Tomcat will not even see this directory, and no Tomcat
>> URL can reach
>> it).
>>
>> If your Tomcat webapp needs to read/write there, then you decide that inside
>> your Tomcat
>> webapp.(And you give the Apache and the Tomcat user the appropriate user-id
>> &  permissions
>> to read/write there).
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message