tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Rohde <...@ordix.de>
Subject Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?
Date Fri, 27 Jan 2012 14:36:35 GMT


Am 27.01.2012 15:28, schrieb Luciano Andress Martini:
> Sorry where is the correct place to put this security constraint?

The web.xml file is an essential part of each Tomat web application. It 
is located in <myapp>/WEB-INF/web.xml.

>
>
> 2012/1/27, Luciano Andress Martini<777user@gmail.com>:
>>   Thomas Rohde:
>>
>>   With this tomcat still can upload files? Cause it need to can =[
>>
>>
>> 2012/1/27, Luciano Andress Martini<777user@gmail.com>:
>>>    Thomas Rohde
>>>   Man thank you very much, i will try it now! =]
>>>
>>>
>>> 2012/1/27, Luciano Andress Martini<777user@gmail.com>:
>>>> Humm sorry friends im not trying to fight, i just really need to do
>>>> that.
>>>>
>>>> I will try to draw what i want to happen, maybe my english is very poor.
>>>>
>>>> (TOMCAT SERVER)   says
>>>> -Yes i can access
>>>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque  i can upload
>>>> files here.
>>>>
>>>> (USER) says
>>>> -No i cant access
>>>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque/
>>>>
>>>> (TOMCAT LIST HELPER) says
>>>> Luciano, Idiot you need to move this directory outside tomcat6
>>>> upload_contracheque.
>>>>
>>>> (DEVELOPER) says
>>>> Luciano Idiot, i never will move this directory, you just need to
>>>> block it, as you do in Apache2. You dont know how to do that?
>>>>
>>>> Understand now?
>>>>
>>>>
>>>> 2012/1/27, Luciano Andress Martini<777user@gmail.com>:
>>>>> I really want to block a directory like
>>>>> /webapps/temporarios/upload_contracheque
>>>>>
>>>>> Yes is the first option but withou moving the directory outside
>>>>> tomcat, because im not the developer of the system, and i just put
>>>>> this system on the server.... and i really need to simple block this
>>>>> directory...=//
>>>>>
>>>>> I need to block this, in the similar way that i do in apache...
>>>>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque
>>>>>
>>>>> I really cant move this outside this directory.
>>>>>
>>>>> Thank you.
>>>>>
>>>>>
>>>>> 2012/1/27, André Warnier<aw@ice-sa.com>:
>>>>>> Luciano Andress Martini wrote:
>>>>>>> I need to do this in tomcat6:
>>>>>>> Apache2 form:
>>>>>>> <Directory /var/www/temporarios/upload_contracheque>
>>>>>>>                  Order allow,deny
>>>>>>>                  deny from all
>>>>>>> </Directory>
>>>>>>>
>>>>>> I think that you are again not very clear, but I will try to guess.
>>>>>>
>>>>>> There is no direct equivalent of the above in Tomcat, because Tomcat
>>>>>> works
>>>>>> on the base of
>>>>>> "context" rather than "disk directory".
>>>>>> (For an Apache2 equivalent, think<Location>  instead of<Directory>).
>>>>>>
>>>>>> So to re-phrase your question :
>>>>>> You have a directory in Tomcat, like (tomcat_dir)/webapps/mywebapp/X
,
>>>>>> and
>>>>>> you want to
>>>>>> prevent (all) web users from accessing the content of that
>>>>>> sub-directory
>>>>>> X.
>>>>>> Yes ?
>>>>>>
>>>>>> If yes, then the best way of achieving this is probably to have this
>>>>>> directory be outside
>>>>>> of the Tomcat /webapps/ space (better even, totally outside the Tomcat
>>>>>> directory tree).
>>>>>> If you need to access it from Apache2, then you can always use an
>>>>>> Alias
>>>>>> in
>>>>>> Apache2.
>>>>>> E.g.
>>>>>>
>>>>>> /var/www/site1/docs/  = Apache2 DocumentRoot
>>>>>>
>>>>>> /var/www/tomcat/webapps/ = Tomcat webapps dir
>>>>>>
>>>>>> /var/www/temporarios/upload = directory where the files are uploaded
>>>>>>
>>>>>> In Apache2 :
>>>>>>
>>>>>> Alias /temporarios/ /var/www/temporarios/
>>>>>> <Directory /var/www/temporarios>
>>>>>>     .....  (Allow/deny and other things) ...
>>>>>> </Directory>
>>>>>>
>>>>>> In Tomcat : nothing  (Tomcat will not even see this directory, and
no
>>>>>> Tomcat
>>>>>> URL can reach
>>>>>> it).
>>>>>>
>>>>>> If your Tomcat webapp needs to read/write there, then you decide
that
>>>>>> inside
>>>>>> your Tomcat
>>>>>> webapp.(And you give the Apache and the Tomcat user the appropriate
>>>>>> user-id
>>>>>> &  permissions
>>>>>> to read/write there).
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>>
>>>>>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message