tomcat-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: Password protecting directories in virtual hosts
Date Thu, 14 Feb 2013 21:34:52 GMT
Dennis Gormley wrote:
> 
> Hello;
> 
> I've been struggling with this for a couple of weeks now.  I've searched 
> web sites, forums and lists, but I can't seem to find the information I 
> want.
> 
> We have two web sites on a Tomcat 5.5 server (virtual hosts?). I didn't 
> set up the server, but I've been tasked to password protect a directory 
> on one of the sites.  I've already successfully password protected a 
> directory on one site (site1) using a MemoryRealm, but would like to 
> protect another site (site2).
> 
> Here are the working <security-constraint>, <login-config>, and 
> <security-role> sections that challenge for UN/PW when a user tries to access 
> the directory on site1.  It's located in
> D:\Program Files\Apache Software Foundation\Tomcat 5.5\conf\web.xml
> 
> <!-- Begin code modified 20090320 by DJG to password protect Millennium user directory -->
> 
>        <security-constraint>
>                <web-resource-collection>
>                        <web-resource-name>Test Application</web-resource-name>
>                        <url-pattern>/site1_staff/*</url-pattern>
>                </web-resource-collection>
>                <auth-constraint>
>                        <role-name>site1staff</role-name>
>                </auth-constraint>
>        </security-constraint>
> 
>        <login-config>
>                <auth-method>BASIC</auth-method>
>                <realm-name>Site1 Users</realm-name>
>        </login-config>
> 
>        <security-role>
>                <description>The role that is required to log in to
>                    the Manager Application</description>
>                <role-name>site1staff</role-name>
>        </security-role>
> 
> <!-- End code modified 20090320 by DJG to password protect Millennium user directory -->
> 
> I tried to just change the relevant arguments of  D:\Program 
> Files\Apache Software Foundation\Tomcat 5.5\conf\web.xml so a directory 
> on a site2 was password protected, but changing it (and restarting the 
> tomcat server) did not produce a challenge when going to this directory
> 
> <!-- Begin code modified 20120214 by DJG to password protect AskherePA staff directory -->
> 
>         <security-constraint>
>                 <web-resource-collection>
>                         <web-resource-name>Test Application</web-resource-name>
>                         <url-pattern>/site2/site2staff/*</url-pattern>
>                 </web-resource-collection>
>                 <auth-constraint>
>                         <role-name>site2staff</role-name>
>                 </auth-constraint>
>         </security-constraint>
> 
>         <login-config>
>                 <auth-method>BASIC</auth-method>
>                 <realm-name>Site2 Staff</realm-name>
>         </login-config>
> 
>         <security-role>
>                 <description>The role that is required to log in to
>                     the Manager Application</description>
>                 <role-name>site2staff</role-name>
>         </security-role>
> 
> <!-- End code modified 220120214 by DJG to password protect AskherePA staff directory -->
> 
> Here's the D:\Program Files\Apache Software Foundation\Tomcat 
> 5.5\conf\tomcat-users.xml file
> 
> <?xml version='1.0' encoding='utf-8'?>
> <tomcat-users>
>   <role rolename="site1staff"/>
>   <role rolename="site2staff"/>
>   <role rolename="tomcat"/>
> 
> 
> 
>   <user username="tomcat" password="tomcat" roles="tomcat"/>
>   <user username="site1UN" password="site1PW" roles="site1staff"/>
>   <user username="site2UN" password="site2PW" roles="site2staff"/>
> </tomcat-users>
> 
> The two directories appear in D:\Program Files\Apache Software 
> Foundation\Tomcat 5.5\webapps\cfusion\site1_staff and D:\Program 
> Files\Apache Software Foundation\Tomcat 
> 5.5\webapps\cfusion\site2\site2staff
> 
> 
> Of course, I would ideally like to password protect both directories on 
> both sites (and other directories on other sites as well), but if I can 
> get this working for now, my boss'll be happy!
> 

Hi.
You probably should not be touching (have been touching) the file D:\Program Files\Apache
Software Foundation\Tomcat 5.5\conf\web.xml . Hopefully you kept a backup of the original.
Can you paste here the file D:\Program Files\Apache Software Foundation\Tomcat 
5.5\conf\server.xml ? (remove or obscure any confidential information).
Someone may be able to give you a better way than fiddling with the default web.xml.

This being said, Tomcat 5.5 is very old and either not supported anymore, or about to 
become unsupported. The current version is Tomcat 7.0.35.
See here : http://tomcat.apache.org/whichversion.html





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
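
An added illustration, not part of either message and not Tomcat code: a small Python check that cross-references the `<security-constraint>` roles in a web.xml with the users in tomcat-users.xml. It reports which users can reach each `url-pattern`, roles that no user holds, more than one `<login-config>` in a single descriptor, and passwords equal to the username. The embedded XML is constructed from the fragments quoted above; the misspelt role `site2staf` and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the fragments quoted in the thread;
# the misspelt role "site2staf" is deliberate, to show the mismatch check.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
 <security-constraint>
  <web-resource-collection><url-pattern>/site1_staff/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>site1staff</role-name></auth-constraint>
 </security-constraint>
 <security-constraint>
  <web-resource-collection><url-pattern>/site2/site2staff/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>site2staf</role-name></auth-constraint>
 </security-constraint>
 <login-config><auth-method>BASIC</auth-method><realm-name>Site1 Users</realm-name></login-config>
 <login-config><auth-method>BASIC</auth-method><realm-name>Site2 Staff</realm-name></login-config>
</web-app>"""
USERS_XML = """<tomcat-users>
 <user username="tomcat" password="tomcat" roles="tomcat"/>
 <user username="site1UN" password="site1PW" roles="site1staff"/>
 <user username="site2UN" password="site2PW" roles="site2staff"/>
</tomcat-users>"""

def parse(text):
    """Parse XML and drop namespaces so tags match with or without xmlns."""
    root = ET.fromstring(text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def audit(web_xml, users_xml):
    """Return (url-pattern -> users allowed in, list of findings)."""
    web, users = parse(web_xml), parse(users_xml)
    holders, findings, access = {}, [], {}  # holders: role -> usernames
    for u in users.iter("user"):
        name = u.get("username", "")
        for role in u.get("roles", "").split(","):
            holders.setdefault(role.strip(), []).append(name)
        if u.get("password") == name:
            findings.append(f"user {name}: password equals username")
    for sc in web.iter("security-constraint"):
        roles = [r.text.strip() for r in sc.iter("role-name")]
        for pat in sc.iter("url-pattern"):
            access[pat.text.strip()] = sorted(
                {n for r in roles for n in holders.get(r, [])})
        findings += [f"role {r}: no user holds it" for r in roles if r not in holders]
    if len(web.findall("login-config")) > 1:
        findings.append("more than one <login-config> in one web.xml")
    return access, findings
```

Calling `audit(WEB_XML, USERS_XML)` returns the access map and the findings list; replace the two constants with the contents of the real files to run it against a deployment.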

