You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Richard Dymond <ri...@abridean.com> on 2007/07/24 18:57:27 UTC
Tomcat 6, MyFaces, and "wrapping" static content
I'm using Tomcat 6 to serve a web application that consists of a bunch of JSF
pages and a bunch of static HTML help files. The web application uses
authentication, and the JSF pages are not accessible unless you first log in
with a username and password. So far so good. But the static HTML help files,
by virtue of being static, are accessible to anyone, authenticated or not.
Is there any way to place the web application's authentication mechanism in
front of the static HTML, so that it's accessible only to users who are
logged in? I've read through the tomcat configuration documentation, but
there doesn't seem to be any feature I can exploit to achieve this. Perhaps I
am missing something simple, or there is another way that doesn't involve
tomcat configuration, or perhaps I will have to modify or extend the default
servlet. Or maybe it isn't possible with Tomcat alone. Any ideas?
--
Richard
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 6, MyFaces, and "wrapping" static content
Posted by Richard Dymond <ri...@abridean.com>.
On Tuesday 24 July 2007 15:14:09 Caldarale, Charles R wrote:
> As has been stated so many times: read the servlet spec. In particular,
> look at section 12, which discusses security. If you're using
> declarative security, just set it up to cover all URLs for the webapp;
Section 12 doesn't seem relevant to my situation, since the authentication
mechanism is buried in the application.
> if you're using programmatic security, you're pretty much on your own,
> since the container isn't involved. You might want to consider putting
> the security in a filter in the latter case.
Using a servlet filter looks promising, though; thanks for the tip.
--
Richard
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Tomcat 6, MyFaces, and "wrapping" static content
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Richard Dymond [mailto:richard.dymond@abridean.com]
> Subject: Tomcat 6, MyFaces, and "wrapping" static content
>
> Is there any way to place the web application's
> authentication mechanism in front of the static
> HTML, so that it's accessible only to users who
> are logged in? I've read through the tomcat
> configuration documentation
As has been stated so many times: read the servlet spec. In particular,
look at section 12, which discusses security. If you're using
declarative security, just set it up to cover all URLs for the webapp;
if you're using programmatic security, you're pretty much on your own,
since the container isn't involved. You might want to consider putting
the security in a filter in the latter case.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org