tomcat-users mailing list archives

From Chris Fors <chri...@hotmail.com>
Subject RE: Tomcat Built-in WinAuth - NEW THREAD
Date Mon, 04 Mar 2013 22:54:20 GMT
> Date: Mon, 4 Mar 2013 23:32:34 +0100
> From: aw@ice-sa.com
> To: users@tomcat.apache.org
> Subject: Re: Tomcat Built-in WinAuth - NEW THREAD
> 
> Mark Thomas wrote:
> > On 04/03/2013 21:47, Chris Fors wrote:
> >> Could you please expand on what constraints you were referring to
> > 
> > Security constraints in web.xml
> > 
> >> and how they are best implemented, where, and in what syntax e.g. if implemented in web.xml what are the correct tags.
> > 
> > All defined in the Servlet spec.
> > 
> >> If implemented in web.xml what are the correct tags. I have not found this clarified anywhere, yet.
> > 
> > Again, see the servlet spec.
> 
> You will find an example in the "manager" webapp that comes with Tomcat.
> Look at (tomcat)/webapps/manager/WEB-INF/web.xml, parts like this :
> 
>    <security-constraint>
>      <web-resource-collection>
>        <web-resource-name>HTML Manager interface (for humans)</web-resource-name>
>        <url-pattern>/html/*</url-pattern>
>      </web-resource-collection>
>      <auth-constraint>
>         <role-name>manager-gui</role-name>
>      </auth-constraint>
>    </security-constraint>
> 
> In not-quite-technical terms :
> 
> The above, present at the level of the webapp, specifies a "role" which the authenticated
> user must have, in order to be able to access this part of the webapp.
> To determine if the user has that role, Tomcat must first know the user. This is what
> "triggers" the authentication mechanism.
> If nothing forces Tomcat to authenticate the user of this webapp, the authentication
> method may well be specified, but it will not be invoked.
> 
Was hoping to not have to hunt through the complete JSR 315 specification. I will give the
constraint model above a shot tomorrow.

Thanks,
Chris
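
An added example, not part of the original messages and not Tomcat's own code: a Python check for the situation described in the quoted reply, where an authentication method is declared in web.xml but no security-constraint requires a role, so it is never invoked. The `SPNEGO` auth-method value, the function name `audit_web_xml` and both sample documents are constructed for illustration; the constraint itself is the one quoted from the manager webapp.

```python
import xml.etree.ElementTree as ET

def _kids(elem, name):
    # Match on local name so namespaced and plain web.xml files both work.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def audit_web_xml(xml_text):
    """Return (auth_method, protected_url_patterns, findings) for a web.xml."""
    root = ET.fromstring(xml_text)
    methods = [(am.text or "").strip() for lc in _kids(root, "login-config")
               for am in _kids(lc, "auth-method")]
    auth_method = methods[0] if methods and methods[0] else None
    protected, findings = [], []
    for sc in _kids(root, "security-constraint"):
        patterns = [(p.text or "").strip()
                    for wrc in _kids(sc, "web-resource-collection")
                    for p in _kids(wrc, "url-pattern")]
        roles = [r for ac in _kids(sc, "auth-constraint")
                 for r in _kids(ac, "role-name")]
        if roles:
            # A required role is what makes the container authenticate the user.
            protected.extend(patterns)
        elif not _kids(sc, "auth-constraint"):
            findings.append(f"constraint on {patterns} has no auth-constraint")
    if auth_method and not protected:
        findings.append(f"login-config {auth_method} never triggered: no role-protected URL")
    if protected and not auth_method:
        findings.append("roles required but no login-config auth-method set")
    return auth_method, protected, findings

# Constructed sample: login-config present, nothing forces authentication.
UNTRIGGERED = """<web-app>
  <login-config><auth-method>SPNEGO</auth-method></login-config>
</web-app>"""

# Constructed sample: the constraint quoted in the thread plus the same login-config.
TRIGGERED = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTML Manager interface (for humans)</web-resource-name>
      <url-pattern>/html/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager-gui</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>SPNEGO</auth-method></login-config>
</web-app>"""

if __name__ == "__main__":
    print(audit_web_xml(UNTRIGGERED), audit_web_xml(TRIGGERED), sep="\n")
```

An `auth-constraint` element with no `role-name` is deliberately not counted as protected here, since under the Servlet spec it denies access to everyone rather than prompting for a login.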