Posted to users@tomcat.apache.org by Rahman Syed <ra...@cornell.edu> on 2004/07/02 17:47:47 UTC
Security constraints for different contexts
Hello,
I'm using Tomcat 5.0.25 and I'd like to use container-based security to
restrict access to one specific page. The problem is that this page exists
in different contexts, but using the same docbase. You can get a better
idea by looking at the first snippet included below.
You can see that the application itself is installed by default at context
"/wiki", and there will be additional copies at "/wiki/wikione" and so
on. My goal is to restrict /wiki/Edit.jsp to one role,
/wiki/wikione/Edit.jsp to another role, etc. The web.xml I'm using right
now doesn't even prompt for authentication at all; the only time I can get
it to authorize anything is when I only have one security constraint, for
url-pattern "/Edit.jsp".
Is there an easy way to achieve this? Thanks...
Rahman
Server.xml snippet:
<Context path="/wiki/wikione" docBase="wiki" debug="0">
    <Parameter name="jspwiki.propertyfile"
               value="C:\tomcat\webapps\wiki\WEB-INF\wikione.properties"
               override="false"/>
</Context>
The application's web.xml snippet:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/wiki/Edit.jsp</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>wikiadmin</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/wiki/wikione/Edit.jsp</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>wikioneadmin</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>JSPWiki Editor</realm-name>
</login-config>
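
Added example, not part of the original post and not Tomcat code: a simplified Python model of how a servlet container compares a request with `<url-pattern>` values. The container strips the context path before matching, and both contexts read the same WEB-INF/web.xml because they share a docBase, which is why only "/Edit.jsp" ever triggers authentication. The function names are hypothetical, and choosing a best match among several patterns is left out.

```python
# Simplified model of servlet url-pattern matching (illustration only).
# Context paths come from the post; "/wiki" is the default install it mentions.
CONTEXTS = ["/wiki", "/wiki/wikione"]

# Constraints exactly as posted in web.xml: pattern -> required role.
POSTED = {"/wiki/Edit.jsp": "wikiadmin",
          "/wiki/wikione/Edit.jsp": "wikioneadmin"}
# The single-constraint variant the post reports as working.
SINGLE = {"/Edit.jsp": "wikiadmin"}

def select_context(uri, contexts=CONTEXTS):
    """Pick the longest context path that is a whole-segment prefix of the URI."""
    hits = [c for c in contexts if uri == c or uri.startswith(c + "/")]
    return max(hits, key=len) if hits else None

def pattern_matches(pattern, path):
    """Servlet url-pattern forms: exact, '/prefix/*' and '*.ext'."""
    if pattern.endswith("/*"):
        base = pattern[:-2]
        return path == base or path.startswith(base + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path

def required_roles(uri, constraints):
    """Return (context, context-relative path, roles of matching constraints).
    An empty role list means no constraint applies, so no login prompt."""
    ctx = select_context(uri)
    if ctx is None:
        return None, None, []
    rel = uri[len(ctx):] or "/"
    roles = [r for p, r in constraints.items() if pattern_matches(p, rel)]
    return ctx, rel, roles

if __name__ == "__main__":
    for uri in ("/wiki/Edit.jsp", "/wiki/wikione/Edit.jsp"):
        print(uri)
        print("  as posted:", required_roles(uri, POSTED))
        print("  /Edit.jsp:", required_roles(uri, SINGLE))
```

In this model both request URIs reduce to "/Edit.jsp" inside their own context, so a shared web.xml can only attach one role list to that page; the context path never appears in the string being matched.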