You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Ed Thompson <et...@carolina.rr.com> on 2002/06/22 21:41:55 UTC
security_constraint question
OK, rookie question....
I have a file in $TOMCAT_HOME/webapps/comics (index.html)
$TOMCAT_HOME/webapps/comics/WEB-INF/web.xml has:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/comics</url-pattern>
<url-pattern>/comics/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>comics</role-name>
</auth-constraint>
</security-constraint>
I have is set up for BASIC as my auth-method. Pretty much cut and paste
form the examples directory.
However, on my browser when I go to //thompson3:8080/comics, it takes me
right to index.html.
Why does it not require me to login first? What have a missed in the Tomcat
configuration?
Help greatly appreciate - been struggling with this for a couple of days...
(PS - the examples works great - going to
//thompson3:8080/examples/jsp/security/protected forces a login)
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: security_constraint question
Posted by Ed Thompson <et...@carolina.rr.com>.
Thanx, that did it!
----- Original Message -----
From: "Mark A. Richman" <ma...@markrichman.com>
To: "'Tomcat Users List'" <to...@jakarta.apache.org>
Sent: Saturday, June 22, 2002 4:23 PM
Subject: RE: security_constraint question
> Try replacing:
>
> <url-pattern>/comics</url-pattern>
> <url-pattern>/comics/*</url-pattern>
>
> with:
>
> <url-pattern>/*</url-pattern>
>
> This applies the security constraint to your web app (not the root of
> the server). The former would only be effective on
> http://thompson3:8080/comics/comics/.
>
> - Mark
>
>
> -----Original Message-----
> From: Ed Thompson [mailto:ethompson7@carolina.rr.com]
> Sent: Saturday, June 22, 2002 3:42 PM
> To: Tomcat Users List
> Subject: security_constraint question
>
> OK, rookie question....
>
> I have a file in $TOMCAT_HOME/webapps/comics (index.html)
>
> $TOMCAT_HOME/webapps/comics/WEB-INF/web.xml has:
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Protected Area</web-resource-name>
> <!-- Define the context-relative URL(s) to be protected -->
> <url-pattern>/comics</url-pattern>
> <url-pattern>/comics/*</url-pattern>
> <!-- If you list http methods, only those methods are protected -->
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <!-- Anyone with one of the listed roles may access this area
> -->
> <role-name>comics</role-name>
> </auth-constraint>
> </security-constraint>
>
> I have is set up for BASIC as my auth-method. Pretty much cut and paste
> form the examples directory.
>
> However, on my browser when I go to //thompson3:8080/comics, it takes me
> right to index.html.
> Why does it not require me to login first? What have a missed in the
> Tomcat
> configuration?
>
> Help greatly appreciate - been struggling with this for a couple of
> days...
>
> (PS - the examples works great - going to
> //thompson3:8080/examples/jsp/security/protected forces a login)
>
>
>
>
>
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
>
>
>
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: security_constraint question
Posted by "Mark A. Richman" <ma...@markrichman.com>.
Try replacing:
<url-pattern>/comics</url-pattern>
<url-pattern>/comics/*</url-pattern>
with:
<url-pattern>/*</url-pattern>
This applies the security constraint to your web app (not the root of
the server). The former would only be effective on
http://thompson3:8080/comics/comics/.
- Mark
-----Original Message-----
From: Ed Thompson [mailto:ethompson7@carolina.rr.com]
Sent: Saturday, June 22, 2002 3:42 PM
To: Tomcat Users List
Subject: security_constraint question
OK, rookie question....
I have a file in $TOMCAT_HOME/webapps/comics (index.html)
$TOMCAT_HOME/webapps/comics/WEB-INF/web.xml has:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/comics</url-pattern>
<url-pattern>/comics/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area
-->
<role-name>comics</role-name>
</auth-constraint>
</security-constraint>
I have is set up for BASIC as my auth-method. Pretty much cut and paste
form the examples directory.
However, on my browser when I go to //thompson3:8080/comics, it takes me
right to index.html.
Why does it not require me to login first? What have a missed in the
Tomcat
configuration?
Help greatly appreciate - been struggling with this for a couple of
days...
(PS - the examples works great - going to
//thompson3:8080/examples/jsp/security/protected forces a login)
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>