Posted to users@tomcat.apache.org by Rahul R <ra...@gmail.com> on 2012/06/14 16:06:09 UTC

Exclude url from authorized access-web.xml

Hi All,

I have an issue with allowing access to a page which is secured using
active directory authentication. I want some pages/content to be excluded
from this. Following is my web.xml file under conf of tomcat.


[code=java]

<security-constraint>
                <web-resource-collection>
                        <web-resource-name>Protected Area</web-resource-name>
                        <url-pattern>/*</url-pattern>
                </web-resource-collection>

                <auth-constraint>
                        <!-- These are the groups in AD -->
                        <role-name>Engineering</role-name>
                        <role-name>Migration Expert</role-name>
                        <role-name>Developers</role-name>

                </auth-constraint>
        </security-constraint>

  <security-constraint>
   <web-resource-collection>
      <url-pattern>/update/*</url-pattern>
   </web-resource-collection>
  </security-constraint>

        <login-config>
                <auth-method>BASIC</auth-method>
                <realm-name>Services Portal</realm-name>
        </login-config>

[/code]

As per my understanding, this should allow URLs with a content "update"
and allow other pages only with AD credentials. But this is not working for
me now. It's asking for the credentials even for the URL with "update".

Tomcat Version: 7
Env: Linux
Url: http://myserver.com:8080/solar/index.jsp. Here it's asking for the
credentials; it's fine and as expected.

URL with "update" in the address: http://myserver.com:8080/solar/site/update.
When I access this URL, it's still asking for the credentials.

I am not really sure why this is happening. Could anyone here help me
with this?


-- 
Thanks,
Regards,
Rahul R

Re: Exclude url from authorized access-web.xml

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Rahul,

On 7/12/12 2:55 AM, Rahul R wrote:
> How can I add an email id to auth instead of adding a whole group?

You can't.

> Is that possible?

Not when using the servlet-spec-defined authorization features. You
can certainly implement anything you want on top of that.

> I don't want to give the access to all the members of the groups in
> the AD.

So make up a new group. It will be very exclusive.

-chris


Re: Exclude url from authorized access-web.xml

Posted by Rahul R <ra...@gmail.com>.
How can I add an email id to auth instead of adding a whole group? Is that
possible? I don't want to give the access to all the members of the groups
in the AD. Following is the web.xml of my tomcat.

<security-constraint>
                <web-resource-collection>
                        <web-resource-name>Protected Area</web-resource-name>
                        <url-pattern>/*</url-pattern>
                </web-resource-collection>

                <auth-constraint>
                        <!-- These are the groups in AD -->
                        <role-name>Engineering</role-name>
                        <role-name>Migration Expert</role-name>
                        <role-name>Developers</role-name>

                </auth-constraint>
        </security-constraint>

  <security-constraint>
   <web-resource-collection>
      <url-pattern>/update/*</url-pattern>
   </web-resource-collection>
  </security-constraint>

        <login-config>
                <auth-method>BASIC</auth-method>
                <realm-name>Services Portal</realm-name>
        </login-config>


On Thu, Jun 14, 2012 at 8:00 PM, Pid <pi...@pidster.com> wrote:

> On 14/06/2012 15:06, Rahul R wrote:
> > Hi All,
> >
> > I have an issue with allowing access to a page which is secured using
> > active directory authentication. I want some pages/content to be excluded
> > from this. Following is my web.xml file under conf of tomcat.
> >
> >
> > [code=java]
> >
> > <security-constraint>
> >                 <web-resource-collection>
> >                         <web-resource-name>Protected Area</web-resource-name>
> >                         <url-pattern>/*</url-pattern>
> >                 </web-resource-collection>
> >
> >                 <auth-constraint>
> >                         <!-- These are the groups in AD -->
> >                         <role-name>Engineering</role-name>
> >                         <role-name>Migration Expert</role-name>
> >                         <role-name>Developers</role-name>
> >
> >                 </auth-constraint>
> >         </security-constraint>
> >
> >   <security-constraint>
> >    <web-resource-collection>
> >       <url-pattern>/update/*</url-pattern>
> >    </web-resource-collection>
> >   </security-constraint>
> >
> >         <login-config>
> >                 <auth-method>BASIC</auth-method>
> >                 <realm-name>Services Portal</realm-name>
> >         </login-config>
> >
> > [/code]
> >
> > As per my understanding, this should allow URLs with a content "update"
> > and allow other pages only with AD credentials. But this is not working for
> > me now. It's asking for the credentials even for the URL with "update".
> >
> > Tomcat Version: 7
> > Env: Linux
> > Url: http://myserver.com:8080/solar/index.jsp. Here it's asking for the
> > credentials; it's fine and as expected.
> >
> > URL with "update" in the address: http://myserver.com:8080/solar/site/update.
> > When I access this URL, it's still asking for the credentials.
>
> This:
>  /solar/site/update
>
> does not match this pattern:
>  <url-pattern>/update/*</url-pattern>
>
>
> the pattern would have to be:
>  <url-pattern>/site/update/*</url-pattern>
>
>
> p
>
> > I am not really sure why this is happening. Could anyone here help me
> > with this?
> >
> >
>
>
> --
>
> [key:62590808]
>
>


-- 
Thanks,
Regards,
Rahul R


Re: Exclude url from authorized access-web.xml

Posted by Pid <pi...@pidster.com>.
On 14/06/2012 15:06, Rahul R wrote:
> Hi All,
> 
> I have an issue with allowing access to a page which is secured using
> active directory authentication. I want some pages/content to be excluded
> from this. Following is my web.xml file under conf of tomcat.
> 
> 
> [code=java]
> 
> <security-constraint>
>                 <web-resource-collection>
>                         <web-resource-name>Protected Area</web-resource-name>
>                         <url-pattern>/*</url-pattern>
>                 </web-resource-collection>
> 
>                 <auth-constraint>
>                         <!-- These are the groups in AD -->
>                         <role-name>Engineering</role-name>
>                         <role-name>Migration Expert</role-name>
>                         <role-name>Developers</role-name>
> 
>                 </auth-constraint>
>         </security-constraint>
> 
>   <security-constraint>
>    <web-resource-collection>
>       <url-pattern>/update/*</url-pattern>
>    </web-resource-collection>
>   </security-constraint>
> 
>         <login-config>
>                 <auth-method>BASIC</auth-method>
>                 <realm-name>Services Portal</realm-name>
>         </login-config>
> 
> [/code]
> 
> As per my understanding, this should allow URLs with a content "update"
> and allow other pages only with AD credentials. But this is not working for
> me now. It's asking for the credentials even for the URL with "update".
> 
> Tomcat Version: 7
> Env: Linux
> Url: http://myserver.com:8080/solar/index.jsp. Here it's asking for the
> credentials; it's fine and as expected.
> 
> URL with "update" in the address: http://myserver.com:8080/solar/site/update.
> When I access this URL, it's still asking for the credentials.

This:
 /solar/site/update

does not match this pattern:
 <url-pattern>/update/*</url-pattern>


the pattern would have to be:
 <url-pattern>/site/update/*</url-pattern>


p

> I am not really sure why this is happening. Could anyone here help me
> with this?
> 
> 


-- 

[key:62590808]
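
Added example (not part of the thread and not Tomcat's code): a simplified Python model of how the Servlet specification selects the security constraint for a request, showing why /solar/site/update still asked for credentials with the posted web.xml and no longer does with the /site/update/* pattern. The function names are hypothetical; http-method elements and URL decoding are ignored.

```python
# Added example: simplified model of Servlet-spec constraint selection.
# Patterns, roles and URLs come from the thread; function names are hypothetical.

def match_rank(pattern, path):
    """Rank how well a url-pattern matches a context-relative path (None = no match)."""
    if pattern == path:
        return (3, len(pattern))                  # exact match beats everything
    if pattern.endswith("/*"):
        prefix = pattern[:-2]                     # "/update/*" -> "/update"
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))               # longest path prefix wins
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)                             # extension pattern, e.g. "*.jsp"
    if pattern == "/":
        return (0, 0)                             # default mapping
    return None


def required_roles(constraints, context_path, request_uri):
    """Roles demanded by the best-matching constraint; None = no login required."""
    if request_uri != context_path and not request_uri.startswith(context_path + "/"):
        raise ValueError("request is not for this web application")
    # Patterns are matched against the URI with the context path removed.
    path = request_uri[len(context_path):].split(";", 1)[0] or "/"
    best = None
    for pattern, roles in constraints:
        rank = match_rank(pattern, path)
        if rank is not None and (best is None or rank > best[0]):
            best = (rank, roles)
    return best[1] if best else None


AD_ROLES = ["Engineering", "Migration Expert", "Developers"]
# roles=None models a constraint with no <auth-constraint> element (open access).
# An empty list would model an empty <auth-constraint/>, which denies everyone.
AS_POSTED = [("/*", AD_ROLES), ("/update/*", None)]
WITH_FIX = [("/*", AD_ROLES), ("/site/update/*", None)]

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("with fix", WITH_FIX)):
        for uri in ("/solar/index.jsp", "/solar/site/update", "/solar/site/updates"):
            print(f"{name:10} {uri:22} -> {required_roles(cfg, '/solar', uri)}")
```

With the corrected pattern, everything under /site/update/ is reachable without credentials, while a sibling path such as /site/updates still falls under the /* constraint.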