Re: Security constraints for different contexts

2004-07-05 Thread Rahman Syed 
Just wanted to ask this question again...does anyone have any ideas??  I'm 
really stuck here, any good tutorials or resources about security 
constraints would be helpful.  All of the ones I've seen online only handle 
one constraint at a time, I've never seen how they work in terms of best 
match first or otherwise.

Thanks,
Rahman
At 7/2/2004 11:47 AM, you wrote:
Hello,
I'm using Tomcat 5.0.25 and I'd like to use container-based security to 
restrict access to one specific page.  The problem is that this page 
exists in different contexts, but using the same docbase.  You can get a 
better idea by looking at the first snippet included below.

You can see that the application itself is installed by default at context 
/wiki, and there will be additional copies at /wiki/wikione and so 
on.  My goal is to restrict /wiki/Edit.jsp to one role, 
/wiki/wikione/Edit.jsp to another role, etc.  The web.xml I'm using right 
now doesn't even prompt for authentication at all; the only time I can get 
it to authorize anything is when I only have one security constraint, for 
url-pattern /Edit.jsp.

Is there an easy to way to achieve this?  Thanks...
Rahman
Server.xml snippet:
 Context path=/wiki/wikione docBase=wiki debug=0
  Parameter name=jspwiki.propertyfile 
value=C:\tomcat\webapps\wiki\WEB-INF\wikione.properties
 override=false/
 /Context


The application's web.xml snippet:
   security-constraint
   web-resource-collection
   web-resource-nameProtected Area/web-resource-name
   url-pattern/wiki/Edit.jsp/url-pattern
   http-methodDELETE/http-method
   http-methodGET/http-method
   http-methodPOST/http-method
   http-methodPUT/http-method
   /web-resource-collection
   auth-constraint
   role-namewikiadmin/role-name
   /auth-constraint
   /security-constraint
   security-constraint
   web-resource-collection
   web-resource-nameProtected Area/web-resource-name
   url-pattern/wiki/wikione/Edit.jsp/url-pattern
   http-methodDELETE/http-method
   http-methodGET/http-method
   http-methodPOST/http-method
   http-methodPUT/http-method
   /web-resource-collection
   auth-constraint
   role-namewikioneadmin/role-name
   /auth-constraint
   /security-constraint
   login-config
  auth-methodBASIC/auth-method
  realm-nameJSPWiki Editor/realm-name
   /login-config

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Security constraints for different contexts

2004-07-02 Thread Rahman Syed 
Hello,
I'm using Tomcat 5.0.25 and I'd like to use container-based security to 
restrict access to one specific page.  The problem is that this page exists 
in different contexts, but using the same docbase.  You can get a better 
idea by looking at the first snippet included below.

You can see that the application itself is installed by default at context 
/wiki, and there will be additional copies at /wiki/wikione and so 
on.  My goal is to restrict /wiki/Edit.jsp to one role, 
/wiki/wikione/Edit.jsp to another role, etc.  The web.xml I'm using right 
now doesn't even prompt for authentication at all; the only time I can get 
it to authorize anything is when I only have one security constraint, for 
url-pattern /Edit.jsp.

Is there an easy to way to achieve this?  Thanks...
Rahman
Server.xml snippet:
 Context path=/wiki/wikione docBase=wiki debug=0
  Parameter name=jspwiki.propertyfile 
value=C:\tomcat\webapps\wiki\WEB-INF\wikione.properties
 override=false/
 /Context


The application's web.xml snippet:
   security-constraint
   web-resource-collection
   web-resource-nameProtected Area/web-resource-name
   url-pattern/wiki/Edit.jsp/url-pattern
   http-methodDELETE/http-method
   http-methodGET/http-method
   http-methodPOST/http-method
   http-methodPUT/http-method
   /web-resource-collection
   auth-constraint
   role-namewikiadmin/role-name
   /auth-constraint
   /security-constraint
   security-constraint
   web-resource-collection
   web-resource-nameProtected Area/web-resource-name
   url-pattern/wiki/wikione/Edit.jsp/url-pattern
   http-methodDELETE/http-method
   http-methodGET/http-method
   http-methodPOST/http-method
   http-methodPUT/http-method
   /web-resource-collection
   auth-constraint
   role-namewikioneadmin/role-name
   /auth-constraint
   /security-constraint
   login-config
  auth-methodBASIC/auth-method
  realm-nameJSPWiki Editor/realm-name
   /login-config

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]