You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Rob Cartier <rc...@snet.net> on 2001/09/21 15:39:11 UTC

Tomcat: can I use .htaccess files to protect html files

I was looking through and trying to apply minimal security
to a directory like I do in apache . But so far I am not able 
to get it to work on tomcat 4.0

any pointers

.htaccess file is stored in the directory I am trying to secure

AuthUserFile /var/www/passfile*
AuthGroupFile /dev/null
AuthName Protected Area
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>

Any ideas ??

Rob

Re: Tomcat: can I use .htaccess files to protect html files

Posted by Jonathan Eric Miller <je...@uchicago.edu>.

If you are using Tomcat in standalone mode, you can put something similar to
the following in your web.xml file to do that. For more information, check
out the Servlet 2.3 spec which you can get at the following URL.

http://jcp.org/aboutJava/communityprocess/first/jsr053/index.html

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>Protected Area</web-resource-name>
   <url-pattern>/index.html</url-pattern>
  </web-resource-collection>
  <auth-constraint>
   <role-name>tomcat</role-name>
  </auth-constraint>
  </security-constraint>
 <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Protected Area</realm-name>
 </login-config>
</web-app>

Jon

----- Original Message -----
From: "Rob Cartier" <rc...@snet.net>
To: <to...@jakarta.apache.org>
Sent: Friday, September 21, 2001 8:39 AM
Subject: Tomcat: can I use .htaccess files to protect html files


> I was looking through and trying to apply minimal security
> to a directory like I do in apache . But so far I am not able
> to get it to work on tomcat 4.0
>
> any pointers
>
> .htaccess file is stored in the directory I am trying to secure
>
> AuthUserFile /var/www/passfile*
> AuthGroupFile /dev/null
> AuthName Protected Area
> AuthType Basic
> <Limit GET POST>
> require valid-user
> </Limit>
>
> Any ideas ??
>
> Rob
>