Posted to users@tomcat.apache.org by Bob Damato <bd...@coxtarget.com> on 2003/06/17 21:57:46 UTC

Security question

Security for the site I'm working with was originally done via iPlanet's
internal security. I'd like to move to using the webapp security in
Tomcat. Under iPlanet, the security was set up with the entire site - /*
- being secured, then specific URIs were explicitly declared
un-secured.

So, essentially we have
/*  - secured
and say
/errors/* - explicitly open to the public

Is this possible to replicate using Tomcat's security? It would be
excruciating to reorganize the site, so I'd love to avoid that.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: Security question

Posted by Bill Barker <wb...@wilshire.com>.
It can't be done (at least without hacking :).  The servlet-spec only tells
how to secure a page.  There is no concept of un-securing a page.

If you are using iPlanet+Tomcat, and the un-secure areas are all static
content, then you can configure iPlanet to serve the un-secure areas
(bypassing Tomcat's security checks).  If it works, this is probably the
easiest.

Otherwise you probably would need to plug in your own custom Authenticator
that would be smart enough to un-secure some configured set of URLs.

"Bob Damato" <bd...@coxtarget.com> wrote in message
news:1055879866.27722.169.camel@damato...
> Security for the site I'm working with was originally done via iPlanet's
> internal security. I'd like to move to using the webapp security in
> Tomcat. Under iPlanet, the security was set up with the entire site - /*
> - being secured, then specific URIs were explicitly declared
> un-secured.
>
> So, essentially we have
> /*  - secured
> and say
> /errors/* - explicitly open to the public
>
> Is this possible to replicate using Tomcat's security? It would be
> excruciating to reorganize the site, so I'd love to avoid that.
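
Added example, not part of either post and not Tomcat code: the decision a custom authenticator or servlet filter would have to make for the layout in this thread, with /* secured and a configured set of public prefixes. The class name, PUBLIC_PREFIXES and the sample paths are constructed for illustration; it assumes Java 9+ and a path the container has already URL-decoded.

```java
import java.net.URI;
import java.util.List;

// Default-deny access decision with a configured list of public prefixes.
// PublicPathPolicy, PUBLIC_PREFIXES and the sample paths are hypothetical.
public class PublicPathPolicy {
    // Everything under these prefixes is open; everything else needs a login.
    private static final List<String> PUBLIC_PREFIXES = List.of("/errors/");

    /** Returns true when the request must be authenticated ("/*" is secured). */
    static boolean requiresAuth(String rawPath) {
        String path;
        try {
            // Resolve "." and ".." segments before matching, so that
            // "/errors/../admin" is judged as "/admin", not as "/errors/...".
            path = new URI(null, null, rawPath, null).normalize().getPath();
        } catch (Exception e) {
            return true; // unparseable path: fail closed
        }
        // Conservative: any leftover ".." or path parameter (";") is treated
        // as secured, even if that also catches a harmless "file..txt".
        if (path == null || path.contains("..") || path.contains(";")) {
            return true;
        }
        for (String prefix : PUBLIC_PREFIXES) {
            if (path.startsWith(prefix)) {
                return false; // explicitly declared public
            }
        }
        return true; // default: secured
    }

    public static void main(String[] args) {
        String[] samples = {
            "/errors/404.html",           // public
            "/errors/../admin/index.jsp", // normalizes to /admin/...: secured
            "/errorsX/page.jsp",          // prefix ends in "/", so no match: secured
            "/account/view.jsp",          // secured by default
            "/errors/a.html;x=1"          // path parameter: fail closed
        };
        for (String p : samples) {
            System.out.println(p + " -> " + (requiresAuth(p) ? "login required" : "public"));
        }
    }
}
```

The exemption list is matched only after normalization and anything ambiguous falls back to "login required", so a mistake in the list can expose at most the paths it names.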



