Posted to users@tomcat.apache.org by Zohar Amir <da...@hotmail.com> on 2006/02/15 13:30:20 UTC

password protection

Hello,
I'm using tomcat 5.5.15 on Win XP.
I have a servlet that is deployed on a certain context. I would like anyone
trying to use that servlet to use a username and password. How do I do this?
What if I need to protect a jsp that is part of the servlet?
Thanks,
Zohar. 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: password protection

Posted by David Delbecq <de...@oma.be>.
Zohar Amir wrote:

> Thank you again,
> I've set a security-constraint on the context (in the web.xml), and it
> works OK now.
> What I'd like to know is:
> 1. Can I do it anywhere else other than the web.xml, so that the
> deployer can control this and not the developer?

No, but on some web application containers there is the possibility to map
from application roles to real roles (e.g., the 'admin' role of app XYZ is
in fact the role PublicationManager). But I am not sure Tomcat handles this.

> 2. Can I set it for a group of contexts, so that they will all be able
> to use request.getPrincipal() and have the user name that logged in?

When authenticated, request.getPrincipal() returns the authenticated
principal.





Re: password protection

Posted by Zohar Amir <da...@hotmail.com>.
Thank you again,
I've set a security-constraint on the context (in the web.xml), and it works 
OK now.
What I'd like to know is:
1. Can I do it anywhere else other than the web.xml, so that the deployer 
can control this and not the developer?
2. Can I set it for a group of contexts, so that they will all be able to
use request.getPrincipal() and have the user name that logged in?




Re: password protection

Posted by David Delbecq <de...@oma.be>.
http://www.onjava.com/pub/a/onjava/2001/07/24/tomcat.html
http://www.cafesoft.com/products/cams/tomcat-security.html

For other ones, use your favorite search engine.

Zohar Amir wrote:

> Thanks,
> Where can I find info on how exactly to do this? maybe an example...?


Re: password protection

Posted by Zohar Amir <da...@hotmail.com>.
Thanks,
Where can I find info on how exactly to do this? Maybe an example...?


Re: password protection

Posted by David Delbecq <de...@oma.be>.
Zohar Amir wrote:

> Hello,
> I'm using tomcat 5.5.15 on Win XP.
> I have a servlet that is deployed on a certain context. I would like
> anyone trying to use that servlet use a username-password. how do I do
> this?

Set a security-constraint in WEB-INF/web.xml

> What if I need to protect a jsp that is part of the servlet?

You mean to prevent direct loading of a jsp included by your servlet?
Same thing, add a security-constraint to the url of your jsp.

> Thanks,
> Zohar.


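
The security-constraint approach described in the reply above, written out as a deployment descriptor. This is an added example, not part of the original thread; the URL patterns (/report/*, /fragments/*), the role name appuser and the realm name are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- WEB-INF/web.xml (Servlet 2.4, the level Tomcat 5.5 implements).
     Constructed example: URL patterns, role and realm names are placeholders. -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

  <!-- 1. Require a login for the servlet's URL space. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected servlet</web-resource-name>
      <url-pattern>/report/*</url-pattern>
      <!-- No <http-method> elements: the constraint covers every method.
           Listing only GET and POST would leave the others unprotected. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>appuser</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- BASIC sends the password base64-encoded, so force HTTPS. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- 2. Block direct requests to JSPs the servlet forwards to or includes.
       An empty auth-constraint denies all client access; constraints are not
       applied to RequestDispatcher forward/include, so the servlet still works. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Internal JSPs</web-resource-name>
      <url-pattern>/fragments/*</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Example application</realm-name>
  </login-config>

  <!-- Roles used above must be declared here; the users holding them are
       defined by the deployer in the container's Realm, not in this file. -->
  <security-role>
    <role-name>appuser</role-name>
  </security-role>
</web-app>
```

The CONFIDENTIAL guarantee needs an HTTPS connector configured in Tomcat, otherwise the redirect it triggers has nowhere to go. Once a request passes the first constraint, the Servlet API calls that return the logged-in user are request.getUserPrincipal() and request.getRemoteUser().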