You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by François <fr...@yahoo.ca> on 2006/02/01 01:31:43 UTC

How to secure a folder?

Hi all, 



I've been trying to secure a folder so that BASIC authentication occurs 
whenever someone tries to access a .txt under it, configuring both 
web.xml and tomcat-users.xml. 



I've successfully implemented this type of authentication for jsp files 
(using <url-pattern>/path/to/my/folder/*</url-pattern>), but any other 
type of ressources, and in particular .txt type of files, are not 
protected at all. 



Is there a way to accomplish that? 



Thanks, 



François

Re: How to secure a folder?

Posted by Mark Thomas <ma...@apache.org>.

François wrote:
> I've successfully implemented this type of authentication for jsp files 
> (using <url-pattern>/path/to/my/folder/*</url-pattern>), but any other 
> type of ressources, and in particular .txt type of files, are not 
> protected at all. 

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Test</web-resource-name>
      <url-pattern>/test/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>

Works for me. I added /test/test.txt and was prompted for my credentials.

Note you will only get promted for a password once. The browser then
caches it and sends it with all subsequent requests to that host until
upi close the browser.

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org