Hi,

I am trying to set up Tomcat as a secure web engine.
From the tutorial I understood that you should insert the following
lines in web.xml and the password protection should work.

This works perfectly for files in the root directory (/*), but it does not
work for files in subdirectories, like /secure/*.

Have you ever seen this problem before?

Thanks for any help

-- Rosaria

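<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<!-- Servlet 2.3 deployment descriptor. The declaration must close directly
     after the quoted system identifier; a stray character between the closing
     quote and ">" makes the file not well-formed. -->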

<web-app>
...

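<!-- SECURITY CONSTRAINT -->
<!-- Requires the "admin" role for every request to the application. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Secure Pages</web-resource-name>
    <description>Security constraint on all files</description>
    <!-- /* already matches everything below the context root, /secure/* included;
         the second pattern is kept only to make the intent explicit. -->
    <url-pattern>/*</url-pattern>
    <url-pattern>/secure/*</url-pattern>
    <!-- No http-method elements: the constraint then applies to all HTTP methods.
         Listing only POST and GET leaves other methods (HEAD, PUT, DELETE, ...)
         outside the constraint. -->
  </web-resource-collection>

  <auth-constraint>
    <description>admin can login</description>
    <role-name>admin</role-name>
  </auth-constraint>

  <user-data-constraint>
    <description>SSL not required</description>
    <!-- NONE lets the FORM login credentials and the session cookie travel over
         plain HTTP; switch to CONFIDENTIAL once an HTTPS connector is configured. -->
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>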

<!-- Idle session lifetime; session-timeout is expressed in minutes.
     NOTE(review): the web-app 2.3 DTD lists session-config ahead of
     security-constraint, so a validating parser may reject it in this
     position. Confirm the element order against the DTD. -->
<session-config>
  <session-timeout>30</session-timeout>
</session-config>

<!-- LOGIN AUTHENTICATION -->
<!-- Form-based login: unauthenticated requests for constrained resources are
     sent to the login page; failed logins go to the error page. -->
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name>
  <form-login-config>
    <form-login-page>/LoginForm.html</form-login-page>
    <form-error-page>/LoginError.html</form-error-page>
  </form-login-config>
</login-config>

<!-- SECURITY ROLES -->
<!-- Declares the role name referenced by the auth-constraint above. -->
<security-role>
  <description>The most secure role</description>
  <role-name>admin</role-name>
</security-role>

</web-app>


-- Rosaria


