Posted to users@tomcat.apache.org by Rahman Syed <ra...@cornell.edu> on 2004/07/02 17:47:47 UTC

Security constraints for different contexts

Hello,

I'm using Tomcat 5.0.25 and I'd like to use container-based security to 
restrict access to one specific page.  The problem is that this page exists 
in different contexts, but using the same docbase.  You can get a better 
idea by looking at the first snippet included below.

You can see that the application itself is installed by default at context 
"/wiki", and there will be additional copies at "/wiki/wikione" and so 
on.  My goal is to restrict /wiki/Edit.jsp to one role, 
/wiki/wikione/Edit.jsp to another role, etc.  The web.xml I'm using right 
now doesn't even prompt for authentication at all; the only time I can get 
it to authorize anything is when I only have one security constraint, for 
url-pattern "/Edit.jsp".

Is there an easy way to achieve this?  Thanks...

Rahman

Server.xml snippet:

      <Context path="/wiki/wikione" docBase="wiki" debug="0">
           <Parameter name="jspwiki.propertyfile"
                      value="C:\tomcat\webapps\wiki\WEB-INF\wikione.properties"
                      override="false"/>
      </Context>



The application's web.xml snippet:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected Area</web-resource-name>
            <url-pattern>/wiki/Edit.jsp</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>

        <auth-constraint>
            <role-name>wikiadmin</role-name>
        </auth-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected Area</web-resource-name>
            <url-pattern>/wiki/wikione/Edit.jsp</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>

        <auth-constraint>
            <role-name>wikioneadmin</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>JSPWiki Editor</realm-name>
    </login-config>
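
An added illustration (not part of the original post, and not Tomcat's own code): a simplified Python model of Servlet url-pattern matching, in which patterns are compared against the request path with the context path stripped off. The context paths, patterns and role names are taken from the post; `split_request` and `required_role` are hypothetical helper names. It shows why the posted patterns never trigger authentication, and why one web.xml shared through a common docBase yields the same role in every context.

```python
# Simplified model of Servlet url-pattern matching (added example, not Tomcat code).
# Assumption: both contexts from the post share docBase "wiki" and thus one web.xml.
CONTEXTS = ["/wiki", "/wiki/wikione"]

# Patterns as posted (context path included) versus a context-relative pattern.
POSTED = {"/wiki/Edit.jsp": "wikiadmin", "/wiki/wikione/Edit.jsp": "wikioneadmin"}
RELATIVE = {"/Edit.jsp": "wikiadmin"}

def split_request(uri, contexts=CONTEXTS):
    """Select the longest matching context path; return (context, path inside it)."""
    best = ""
    for ctx in contexts:
        if (uri == ctx or uri.startswith(ctx + "/")) and len(ctx) > len(best):
            best = ctx
    return best, uri[len(best):] or "/"

def required_role(uri, constraints):
    """Return (context, relative path, role or None) for a request URI.

    Precedence modelled: exact match, then longest path prefix ("/x/*"),
    then extension ("*.jsp"). Combining of multiple constraints is not modelled.
    """
    ctx, path = split_request(uri)
    exact = [p for p in constraints if p == path]
    prefix = sorted(
        (p for p in constraints
         if p.endswith("/*") and (path == p[:-2] or path.startswith(p[:-1]))),
        key=len, reverse=True)
    ext = [p for p in constraints if p.startswith("*.") and path.endswith(p[1:])]
    for pattern in exact + prefix + ext:
        return ctx, path, constraints[pattern]
    return ctx, path, None  # no constraint applies: no authentication prompt

if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("relative", RELATIVE)):
        for uri in ("/wiki/Edit.jsp", "/wiki/wikione/Edit.jsp"):
            print(label, uri, "->", required_role(uri, rules))
```
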


