tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Tomcat Built-in WinAuth - NEW THREAD
Date Tue, 05 Mar 2013 00:48:24 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Chris,

On 3/4/13 4:54 PM, Chris Fors wrote:
>> Date: Mon, 4 Mar 2013 23:32:34 +0100 From: aw@ice-sa.com To:
>> users@tomcat.apache.org Subject: Re: Tomcat Built-in WinAuth -
>> NEW THREAD
>> 
>> Mark Thomas wrote:
>>> On 04/03/2013 21:47, Chris Fors wrote:
>>>> Could you please expand on what constraints you were
>>>> referring to
>>> 
>>> Security constraints in web.xml
>>> 
>>>> and how they are best implemented, where, and in what syntax
>>>> e.g. if implemented in web.xml what are the correct tags.
>>> 
>>> All defined in  the Servlet spec.
>>> 
>>>> If implemented in web.xml what are the correct tags. I have
>>>> not found this clarified anywhere, yet.
>>> 
>>> Again, see the servlet spec.
>> 
>> You will find an example in the "manager" webapp that comes with
>> Tomcat. Look at (tomcat)/webapps/manager/WEB-INF/web.xml, parts
>> like this :
>> 
>> <security-constraint> <web-resource-collection> 
>> <web-resource-name>HTML Manager interface (for
>> humans)</web-resource-name> <url-pattern>/html/*</url-pattern>

>> </web-resource-collection> <auth-constraint> 
>> <role-name>manager-gui</role-name> </auth-constraint> 
>> </security-constraint>
>> 
>> In not-quite-technical terms :
>> 
>> The above, present at the level of the webapp, specifies a "role"
>> which the authenticated user must have, in order to be able to
>> access this part of the webapp. To determine if the user has that
>> role, Tomcat must first know the user. This is what "triggers"
>> the authentication mechanism. If nothing forces Tomcat to
>> authenticate the user of this webapp, the authentication method
>> may well be specified, but it will not be invoked.
>> 
> Was hoping to not have to hunt through the complete JSR 315
> specification.  I will give the  constraint model above a shot
> tomorrow. Thanks, Chris

Honestly, it's like 3 pages of reading, most of which is tables and
examples. Reading the servlet spec (it's not your average spec: mere
mortals *can* read and understand it) should be required in order to
develop web applications.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEAREIAAYFAlE1QNgACgkQ9CaO5/Lv0PC80ACdF7zjHS4wi+fsY42e1bKsFPCJ
kD4An3cF7A2CFc+1su5M/a9tejx6zlIC
=QoqH
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message