You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Colin71 <c....@chello.nl> on 2007/05/19 14:21:50 UTC
Tomcat WebDAV Security
Hi,
I want to use tomcat/webdav as a simple file server.
The only restriction is that I want files with certain extensions to be read
only
and all other files read/write (i.e. files with suffix myext.xls to be read
only where filenames can be file1.myext.xls).
I have tried to do this by adjusting parameters in the webdav/web.xml file
but I can't figure out a way of doing the above.
I can do this if I have 2 user logins, where one is read/write and the other
is read only but not for a single user
(whereby I attempt to configure multiple security constraints or
url-patterns for a given user role).
My question is, is this possible using the webdav/web.xml file or do I need
to look into jaas realms or something else?
Thanks,
Colin
--
View this message in context: http://www.nabble.com/Tomcat-WebDAV-Security-tf3782245.html#a10696324
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat WebDAV Security
Posted by Mark Thomas <ma...@apache.org>.
Colin71 wrote:
> My question is, is this possible using the webdav/web.xml file or do I need
> to look into jaas realms or something else?
This should work but I haven't tested it:
- set the readonly init-param for the webdav servlet to false
- use security constraints to limit the methods permitted on
different files (see SRV.12.8 in the Servlet spec)
HTH,
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org