You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by sk...@dcsimtech.com on 2001/04/06 03:49:38 UTC

security question

Hello everybody,

the "problem" is that I should have some security on my site. I think of
authentifikation by a username and password and then access rights for
special areas of the site. so far, so good. I started looking arround. I
know have a login form, a jsp to chaeck username and password and a bean to
store weather the user is loged in or not. OK. but that didn't help me,
because I have cocoon-generated html pages on my site. And as far as I know
in html beans can not be used.

What I thinkis, that you can configure tomcat to check those security
things. I've been to the faq but the security section is empty, i've read
the userguide many times but this points I couldn't find. So the questions
are:

1.) How to set up (for example) basic security in tomcat?

2.) Do I need my own login forms, and how would they work together with
tomcat?

3.) Do I have to check somewhere if a user is loged on?

4.) Is there any FAQ or Tutorial about webserver security?

so thanks for reading this, feel free to answer,

Sascha

Re: security question

Posted by Jeff Turner <je...@socialchange.net.au>.

It's all defined in the servlet spec, downloadable from
http://java.sun.com/products/servlet/index.html.

Tomcat comes with a preconfigured example (examples/jsp/security)
demonstrating this.

--Jeff

On Fri, Apr 06, 2001 at 09:49:38AM +0800, skolski@dcsimtech.com wrote:
> Hello everybody,
> 
> the "problem" is that I should have some security on my site. I think of
> authentifikation by a username and password and then access rights for
> special areas of the site. so far, so good. I started looking arround. I
> know have a login form, a jsp to chaeck username and password and a bean to
> store weather the user is loged in or not. OK. but that didn't help me,
> because I have cocoon-generated html pages on my site. And as far as I know
> in html beans can not be used.
> 
> What I thinkis, that you can configure tomcat to check those security
> things. I've been to the faq but the security section is empty, i've read
> the userguide many times but this points I couldn't find. So the questions
> are:
> 
> 1.) How to set up (for example) basic security in tomcat?
> 
> 2.) Do I need my own login forms, and how would they work together with
> tomcat?
> 
> 3.) Do I have to check somewhere if a user is loged on?
> 
> 4.) Is there any FAQ or Tutorial about webserver security?
> 
> so thanks for reading this, feel free to answer,
> 
> Sascha
>

Re: security question

Posted by Drasko Kokic <dr...@yahoo.com>.

This all is described in the Servlet API spec (context
based security).  More info you can get from the
Tomcat user mailing list.

--- skolski@dcsimtech.com wrote:
> Hello everybody,
> 
> the "problem" is that I should have some security on
> my site. I think of
> authentifikation by a username and password and then
> access rights for
> special areas of the site. so far, so good. I
> started looking arround. I
> know have a login form, a jsp to chaeck username and
> password and a bean to
> store weather the user is loged in or not. OK. but
> that didn't help me,
> because I have cocoon-generated html pages on my
> site. And as far as I know
> in html beans can not be used.
> 
> What I thinkis, that you can configure tomcat to
> check those security
> things. I've been to the faq but the security
> section is empty, i've read
> the userguide many times but this points I couldn't
> find. So the questions
> are:
> 
> 1.) How to set up (for example) basic security in
> tomcat?
> 
> 2.) Do I need my own login forms, and how would they
> work together with
> tomcat?
> 
> 3.) Do I have to check somewhere if a user is loged
> on?
> 
> 4.) Is there any FAQ or Tutorial about webserver
> security?
> 
> so thanks for reading this, feel free to answer,
> 
> Sascha
> 
> 
> 
>
---------------------------------------------------------------------
> Please check that your question has not already been
> answered in the
> FAQ before posting.
> <http://xml.apache.org/cocoon/faqs.html>
> 
> To unsubscribe, e-mail:
> <co...@xml.apache.org>
> For additional commands, e-mail:
> <co...@xml.apache.org>
> 


__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>

To unsubscribe, e-mail: <co...@xml.apache.org>
For additional commands, e-mail: <co...@xml.apache.org>