You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by anil <an...@server.awcoldstream.on.ca> on 2001/07/01 00:19:20 UTC
Tomcat Security? How to get around this?
Hi All,
My web.xml looks like this.
<servlet>
<servlet-name>
Client
</servlet-name>
<servlet-class>
ca.ksb.client.Client
</servlet-class>
</servlet>
....
<servlet-mapping>
<servlet-name>Client</servlet-name>
<url-pattern>/protected/Client</url-pattern>
</servlet-mapping>
<security-constraint>
.......
<url-pattern>/protected/*</url-pattern>
.........
</security-constraint>
if I use http://www.my.com/protected/Client , tomcat prompts for
login window.
but I access http://www.my.com/servlet/Client , tomcat does not
prompt login window.
I do have some servlets that does not need any security. So I cannot
set /sevlet/* as protected area. One solution that I see is to move all
the protected servlet to the folder called /protected/ and setup web.xml
like below.
<servlet>
<servlet-name>
Client
</servlet-name>
<servlet-class>
/protected/ca.ksb.client.Client
</servlet-class>
<servlet-mapping>
<servlet-name>Client</servlet-name>
<url-pattern>Client</url-pattern>
</servlet-mapping>
<security-constraint>
.......
<url-pattern>/protected/*</url-pattern>
.........
</security-constraint>
is there any other way? what happens if I comment out this line in
server.xml.
<RequestInterceptor
className="org.apache.tomcat.request.InvokerInterceptor" debug="0"
prefix="/servlet/" />
Thanks
.anil