You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by David Jian <dj...@UU.NET> on 2000/04/07 23:40:49 UTC
Re: User authorization?
Troy:
If I take this way to protect /site, can I use request.getRemoteUser to
return the user name (tomcat)?
Can you give me an web.xml that protect the /examples/jsp/snp/ and let the
snoop.jsp display Remote User? Without authentication, it's null.
Thanks and look forward to your reply
DJ
At 01:53 PM 03/28/2000 -0400, you wrote:
>I've gotten Tomcat standalone on Win98 to use Basic authentication. I
>tracked my earlier problems to a bug in the Base 64 decoder (Bug #52) which
>has now been fixed (Thanks! Next time I'll check there first;). Likely that
>will solve your problem. I haven't used Form based authentication so I can't
>help there, and Digest and SSL is not implemented yet.
>
>Just in case you have ather problems, I'm not sure if this is the simplest
>possible configuration but if you get a build with the fix the following
>should work:
>
>/conf/server.xml, no changes
>/conf/web.xml, no changes
>
>/webapps/myWebAppName/Web-inf/web.xml, excerpts below :
>
><?xml version="1.0" encoding="ISO-8859-1"?>
><!DOCTYPE web-app
> PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
> "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
>
><web-app>
> <servlet>
> <servlet-name>
> site
> </servlet-name>
> <servlet-class>
> SiteList
> </servlet-class>
> </servlet>
> <servlet-mapping>
> <servlet-name>
> site
> </servlet-name>
> <url-pattern>
> /site
> </url-pattern>
> </servlet-mapping>
>
><!-- Etc.... -->
>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>Tomcat</realm-name>
></login-config>
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>all</web-resource-name>
> <url-pattern>/site</url-pattern>
> <http-method>GET</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>tomcat</role-name>
> </auth-constraint>
> </security-constraint>
></web-app>
>
>
>This should restrict access to /site to users in the role tomcat. You can
>add more <url-pattern> tags to the <security-constraint> to protect
>additional urls as well as more <role-name> tags. You can also create
>multiple <security-constraint> blocks.
>
>Adding more users is done by editing /conf/tomcat-users.xml . To add more
>roles just add them to a user tag(s) in a comma delimited list:
><user name="tomcat" password="tomcat" roles="tomcat,role1,another_role" />
>
>Hope this helps, good luck!
>
>Troy
>
>--------------------------
>Troy MacNeil
>Software Designer
>Packetware
>http://www.trakonic.com
>tmacneil@trakonic.com
>--------------------------
>
>
>
>----- Original Message -----
>From: John Coonrod <jc...@thp.org>
>To: <to...@jakarta.apache.org>
>Sent: Tuesday, March 28, 2000 11:54 AM
>Subject: User authorization?
>
>
>> I've downloaded the 3/27 3.1 beta rc1 and tried to get the builtin
>webserver
>> to require a login, but without success.
>>
>> I added some <login-config> and <security-contraint> sequences into the
>> web.xml file per an example given last week.
>>
>> Is there a "simplest possible" example of how to do this?
>>
>> On a related matter - the earlier beta seemed to return the remote host
>name
>> without logging in, but this one does not.
>>
>> Please advise. I really need the remote-user feature.
>>
>>
>> ----------------
>> Dr. John Coonrod, Vice President, jc@thp.org
>> The Hunger Project, 15 East 26th Street, NY, NY 10010 www.thp.org
>>
>>
>> --------------------------------------------------------------------------
>> To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commmands, email: tomcat-user-help@jakarta.apache.org
>>
>
>
>--------------------------------------------------------------------------
>To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commmands, email: tomcat-user-help@jakarta.apache.org
>
>
>