You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Andre Rubin <an...@gmail.com> on 2008/11/27 00:55:11 UTC
security-constraint outside web.xml
Hey All,
I'm new here, yada yada yada. I've been trying to find the answer in
the archives, manual, etc, and so far nothing.
What I want to do is to deploy my_app.war with different
security-constraints (for different customers). But I was hoping not
to edit the web.xml file in the war file for each deployment. Is there
a way to configure the security-constraints somewhere else for my_app,
like in a context file somewhere
($CATALINA_HOME/conf/[enginename]/[hostname]/my_app.xml) or somewhere
else?
Thanks in advance.
Andre
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: security-constraint outside web.xml
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andre,
Andre Rubin wrote:
> Thanks Chuck but SecurityFilter does exactly the opposite of what I want:
>
> "Security Filter is intended to be packaged within your web app,
> including your realm implementation and supporting classes. This
> allows you to deploy your app as a single, deployable unit (war file
> or expanded war directory structure) with no additional configuration
> of the server environment."
>
> I want to manage security completely outside my app (outside the war
> file), not just outside web.xml. Maybe I wasn't clear enough on that
> regard.
If you want configuration outside of your webapp, you'll need to roll
something yourself. If I may ask, what's the danger of allowing the
webapp to configure its own security settings? Typically, the webapp
knows what's best for itself.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkk1V4QACgkQ9CaO5/Lv0PA5kACgnGFcGKziBy7tXTg069AeaZWk
VzgAmgJxMIlYE1aeEB9/KU31ks3LQzHS
=p8fU
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: security-constraint outside web.xml
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Andre Rubin [mailto:andre.rubin@gmail.com]
> Subject: Re: security-constraint outside web.xml
>
> I want to manage security completely outside my app (outside the war
> file), not just outside web.xml.
I was under the impression that you could store the configuration settings for SecurityFilter anywhere you want, not just inside the webapp structure. Chris Schultz works on SecurityFilter and is a regular contributer to this list, so he may be able to answer more definitively; however, this is a holiday week in the US, so it may be a while before he can comment.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: security-constraint outside web.xml
Posted by Andre Rubin <an...@gmail.com>.
Thanks Chuck but SecurityFilter does exactly the opposite of what I want:
"Security Filter is intended to be packaged within your web app,
including your realm implementation and supporting classes. This
allows you to deploy your app as a single, deployable unit (war file
or expanded war directory structure) with no additional configuration
of the server environment."
I want to manage security completely outside my app (outside the war
file), not just outside web.xml. Maybe I wasn't clear enough on that
regard.
Andre
On Wed, Nov 26, 2008 at 4:44 PM, Caldarale, Charles R
<Ch...@unisys.com> wrote:
>> From: Andre Rubin [mailto:andre.rubin@gmail.com]
>> Subject: security-constraint outside web.xml
>>
>> Is there a way to configure the security-constraints
>> somewhere else for my_app, like in a context file
>> somewhere
>
> Not when you're using the standard declarative security.
>
> This might help do what you want:
> http://securityfilter.sourceforge.net/
>
> - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: security-constraint outside web.xml
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Andre Rubin [mailto:andre.rubin@gmail.com]
> Subject: security-constraint outside web.xml
>
> Is there a way to configure the security-constraints
> somewhere else for my_app, like in a context file
> somewhere
Not when you're using the standard declarative security.
This might help do what you want:
http://securityfilter.sourceforge.net/
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org