security-constraint not working, help please...

Hello all, I'm ready to pull my hair out getting the security constraint to work. Basically, I need to forward all traffic except one directory to the https port. I've got it to work if I use the url-pattern of "/*". However, when I specify the patterns to accompli

Re: Security Constraint

this application has no security constraint in its web.xml file - I don't know why it's trying to serve up a certificate. In addition, you have to click 'yes' on the security dialog three times, as if it's trying to serve the certificate three times in a row. And, in the end,

Security Constraint

I have a new servlet which I've created - whenever you try to access this servlet, I get the security certificate dialog box (do you want to accept this certificate). However, this application has no security constraint in its web.xml file - I don't know why it's trying to serve u

RE: security-constraint to limit jsp access

> To: [EMAIL PROTECTED] > Subject: security-constraint to limit jsp access > > > > I have a struts 1.2.4 webapp in which I'm trying to hide my jsp's from being > accessed directly. Instead of throwing them in the WEB-INF folder, I'd > rather just restrict a

Re: security-constraint to limit jsp access

I am not sure if its already mentioned. JSP files stashed under WEB-INF/ are not accessable directly. --- Parsons Technical Services <[EMAIL PROTECTED]> wrote: > Jay, > > I think you need the auth-constraint tags. > > > > >

Re: security-constraint to limit jsp access

I am not sure if its already mentioned. JSP files stashed under WEB-INF/ are not accessable directly. --- Parsons Technical Services <[EMAIL PROTECTED]> wrote: > Jay, > > I think you need the auth-constraint tags. > > > > >

Re: security-constraint to limit jsp access

Jay, I think you need the auth-constraint tags. Example Security Constraint Protected Area /security/protected/* DELETE GET POST PUT role1 Then don't give anyone

security-constraint to limit jsp access

I have a struts 1.2.4 webapp in which I'm trying to hide my jsp's from being accessed directly. Instead of throwing them in the WEB-INF folder, I'd rather just restrict access to them through the security-constraint in the web.xml. I recently read that adding:

Re: problem with security-constraint with Tomcat 5

, October 18, 2004 7:45 AM Subject: RE: problem with security-constraint with Tomcat 5 Thanks for the suggestion, Yoav. I looked but I didn't see anything that stated that a url pattern with 2 dots is illegal. - Cecile Mercado -Original Message- From: Shapira, Yoav [mailto:[EMAIL

Re: problem with security-constraint with Tomcat 5

On Mon, 18 Oct 2004 10:45:23 -0400, Mercado . Maria <[EMAIL PROTECTED]> wrote: > Thanks for the suggestion, Yoav. I looked but I didn't see anything that stated > that a url pattern with 2 dots is illegal. Most systems I am aware of consider that the extension is the last dot. Otherwise, it star

RE: problem with security-constraint with Tomcat 5

t: RE: problem with security-constraint with Tomcat 5 Hi, Could this be something that changed (or rather, was clarified) in the Servlet Spec between version 2.3 (which Tomcat 4.x implements) and 2.4 (which Tomcat 5.x implements)? ;) Yoav Shapira http://www.yoavshapira.com >-Original

RE: problem with security-constraint with Tomcat 5

[EMAIL PROTECTED] >Sent: Monday, October 18, 2004 10:08 AM >To: [EMAIL PROTECTED] >Subject: problem with security-constraint with Tomcat 5 > >I'm looking into migrating our project from Tomcat 4.1.30 to Tomcat 5.0.28. >We're also using Tiles and Struts 1.1. The problem is that T

problem with security-constraint with Tomcat 5

I'm looking into migrating our project from Tomcat 4.1.30 to Tomcat 5.0.28. We're also using Tiles and Struts 1.1. The problem is that Tomcat 5 seems to be confused with a url pattern that works with Tomcat 4. Here's the pertinent parts of web.xml (I get the same results with 2.3 or 2.4 versi

Security Constraint - Tomcat 5.0

Goodmorning all, Can I set a security constraint saying that i need to protect all except a directory or a certain file? My folder tree is quite like this one: myApp | + - - /images/ | + - - /WEB-INF/ | + -- *.jsp files Well, what I need is to protect all, but to

Re: security-constraint in web.xml

Your suggestion work perfectly Thank you very much. Fabian Bill Barker wrote: You simply need to have two security-constraints: One looks like below, and the other has /*, and doesn't have an auth-constraint. <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] I need help to configure a se

Re: security-constraint in web.xml

You simply need to have two security-constraints: One looks like below, and the other has /*, and doesn't have an auth-constraint. <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] I need help to configure a secure application. I'm trying to request a client certificate in one page only

Re: security-constraint in web.xml

On Mon, 16 Aug 2004 09:58:04 -0300 [EMAIL PROTECTED] wrote > I need help to configure a secure application. > I'm trying to request a client certificate in one page only (the rest should > be accesible without presenting a certificate) and force to use SSL in the > entire application. > > I put t

Re: security-constraint in web.xml

Not sure you can do this with Tomcat alone (but would be happy to be shown the error of my ways). This is because every ssl connection uses the same SSLSocketFactory configuration irrespective of requested URI. The mod_ssl module for Apache has support for this type of config, though: http://www

security-constraint in web.xml

I need help to configure a secure application. I'm trying to request a client certificate in one page only (the rest should be accesible without presenting a certificate) and force to use SSL in the entire application. I put the following in the web.xml certificates

security-constraint in web.xml

Hello, how are you? I need help to configure a secure application. I am trying to request client certificate in only one page and force to use SSL in the entire application. I put the following in the web.xml certificates /certificates/add.action

RE: Overlapping security-constraint definitions?

bject: Re: Overlapping security-constraint definitions? It's true that how Overlapping security-constraints are handled has changed between TC 4 & TC 5 (since they changed in the servlet-spec), but that's not what is causing

Re: Overlapping security-constraint definitions?

t all of your edit* URLs. "Craig Berry" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] I recently moved from Tomcat 4 to 5, and have discovered that the handling of overlapping security-constraint definitions in web.xml seems to have changed. I am hoping someone can recommend

Overlapping security-constraint definitions?

I recently moved from Tomcat 4 to 5, and have discovered that the handling of overlapping security-constraint definitions in web.xml seems to have changed. I am hoping someone can recommend the best way to accomplish what I need to do under TC5. I have two possible user roles. All users have

Tomcat 5 with HTTPS to protect a subset of a webapp : pb url-pattern + security constraint

Hello there, I use the classic Tomcat 5.0.18 without any modif. I would like to protect a subset of my webapp. to do so, I did the following stuffs: - I configured my Tomcat to accept SSL - I added a security-constraint in web.xml I am facing the following problems: 1. the url-pattern /frwk

RE: Can webapps 'share' a security-constraint?

Look at the SingleSignOn valve. -Original Message- From: Barnet Wagman [mailto:[EMAIL PROTECTED] Sent: 26 May 2004 16:53 To: Tomcat Users List Subject: Can webapps 'share' a security-constraint? I'd like users to be able to login once and get access to several we

RE: Can webapps 'share' a security-constraint?

n [mailto:[EMAIL PROTECTED] >Sent: Wednesday, May 26, 2004 11:53 AM >To: Tomcat Users List >Subject: Can webapps 'share' a security-constraint? > >I'd like users to be able to login once and get access to several web >apps. Is it possible for web apps to 'share&

Can webapps 'share' a security-constraint?

ut users still need to log into each web app separately. I.e. if conf/web.xml contains a security constraint that such as Site access constraint Protected Area /WebApp_A/*

tomcat security constraint with jk and apache

I have Apache2 running as the front end handling all the client PKI authentication. Then Tomcat 4.1 using security constraints in the web.xml. Now I use jk to connect them together and it works fine, sort of. I can access protected files inside of Tomcat from Apache. Specifically any file that

security-constraint question

I have a web application which uses a security-constraint in the deployment descriptor. My lone url-pattern in my web-resource-collection is for my welcome page. This has worked well enough. However, now I wish to access a specific URL, a servlet that produces pdf documents, bypassing the

Re: transitioning from non-logged in to logged in using security constraint....

no, my question wasn't whether request.getRemoteUser() returns null or not. HOW, specifically, does tomcat populate that information using the j_security_check and the security-constraint nodes in the web.xml??? __ Do you Yahoo!? Yahoo! Mail - More rel

Re: transitioning from non-logged in to logged in using security constraint....

On 03/12/2004 03:34 PM Paul Tomsic wrote: What does tomcat do to ensure that you're logged in while using the j_security_check ? We're trying to transition users from non-logged in to logged in, but we've got a fair amt. of portions of the site that should be accessible from both states (non-logged

transitioning from non-logged in to logged in using security constraint....

What does tomcat do to ensure that you're logged in while using the j_security_check ? We're trying to transition users from non-logged in to logged in, but we've got a fair amt. of portions of the site that should be accessible from both states (non-logged in and logged in) Is there something, pr

Re: security-constraint node question

tance method's getPrincipal, getRemoteUser, or isUserInRole to decide ig the user can do what you want. The jey point is the servlet spec only places security constraint on the *incoming* URL. (for 2.3 --> tomcat 4.x) -Tim John MccLain wrote: How would I get Tomcat to use a database table i

security-constraint node question

How would I get Tomcat to use a database table instead of the web or server .xml files' .. to enforce authorization? I would prefer to have objects in my webapp to have configurable authorization applied to them outside of tomcat configuration files; Done more like JDBCRealm authentication. -

Re: security constraint bug?

"Brandon Goodin" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I have the following security constraint specified in my web.xml: > > > > > > > > Customer Area > > /customer/* > > > >

security constraint bug?

I have the following security constraint specified in my web.xml: Customer Area /customer/* customer When I go to the following url it gets blocked. http://phase.zapto.org:8282/customer.do I'm assuming this is a bug. Is i

Security Constraint works on port 8080 but not on 80 (Through mod_jk)

I thought it would be a good idea to have a place to learn while I have my server on-line business uses. In my server.xml I have two sessions running. One should answer on 8080 and the other off port 80 through mod_jk/apache. I am testing a simple BASIC auth setup and for some reason the app answer

Re: help using JDBCRealm - how to relate a realm with a security constraint

security-constraint tag ( Area de pruebas de seguridad /cosa.jsp /test.jsp DELETE GET POST PUT rol de administrador YYY ) This looks good. What is the

help using JDBCRealm - how to relate a realm with a security constraint

Hi! I am trying to set up security management for my web applications through JDBCRealm. What i have done: 1. modify the server.xml file to add a Realm tag () Database and corresponding tables exists 2. modify the web.xml to add a security-constraint tag ( Area de pruebas de seguridad

Re: security-constraint question

Thanks guys, I got it... - Original Message - From: "Giselle Dazzi" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Tuesday, November 04, 2003 10:29 PM Subject: Re: security-constraint question > Im having a hard time calli

Re: security-constraint question

From: "Christopher Schultz" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Tuesday, November 04, 2003 8:58 PM Subject: Re: security-constraint question > Giselle, > > Im using the feature of Tomcat. Everything > > works well, but

Re: security-constraint question

See the HttpServletRequest class. (getRemoteUser() or getUserPrincipal()) -Tim Giselle Dazzi wrote: Hi everybody, Im using the feature of Tomcat. Everything works well, but I dont know how to retrieve the login entered during authentication to use it throughout my application... Have you guys d

Re: security-constraint question

Giselle, Im using the feature of Tomcat. Everything works well, but I dont know how to retrieve the login entered during authentication to use it throughout my application... Have you guys done this before ? What you want is request.getUserPrincipal(). This will return a java.security.Principal o

Re: security-constraint question

First of all, I am not sure that you need in teh web.xml if you user form-based authentication. You may use getRemoteUser() to get the name of the user. --- Giselle Dazzi <[EMAIL PROTECTED]> wrote: > Hi everybody, > > Im using the feature of > Tomcat. Everything works well, but I dont know how

security-constraint question

Hi everybody, Im using the feature of Tomcat. Everything works well, but I dont know how to retrieve the login entered during authentication to use it throughout my application... Have you guys done this before ? thx My login page is specified in my web.xml: FORM Autenticacao

Re: Broken?: security constraint for actions

You can't use query strings in security constraints. You can always to programmtic authorization via request.isUserInRole(userName) -Tim [EMAIL PROTECTED] wrote: Hello, I have set up a struts-like web app running under Tomcat 4.1.27 on win2000 and JDK1.4.2. I want to restrict access parts of

Re: Broken?: security constraint for actions

Perhaps you should try using distinct directories instead? That should work a little more cleanly. Todd - Original Message - From: <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Friday, August 29, 2003 3:01 AM Subject: Broken?: security

Broken?: security constraint for actions

Hello, I have set up a struts-like web app running under Tomcat 4.1.27 on win2000 and JDK1.4.2. I want to restrict access parts of my app based on the "action" parameter in the URL. That is, calls to /controller?action=deposit can be made by members of the group "user". But, say, calls to

RE: Tomcat 4.0.3: security-constraint error in web.xml

Here's another good resource http://edocs.bea.com/wls/docs61/webapp/webappdeployment.html#1012209 Cheers -Original Message- From: tito santini [mailto:[EMAIL PROTECTED] Sent: 28 August 2003 15:24 To: Tomcat Users List Subject: Tomcat 4.0.3: security-constraint error in web.xml

RE: Tomcat 4.0.3: security-constraint error in web.xml

rvlet specification from Sun for the full DTD -Original Message- From: tito santini [mailto:[EMAIL PROTECTED] Sent: 28 August 2003 15:24 To: Tomcat Users List Subject: Tomcat 4.0.3: security-constraint error in web.xml Dear all, we actually have this very "boring" problem on Tomcat 4.0

Tomcat 4.0.3: security-constraint error in web.xml

atch "(icon?,display-name?,description?,distributable?,context-param*,servlet*,se rvlet-mapping*,session-config?,mime-mapping*,welcome-file-list?,error-page*, taglib*,resource-ref*,security-constraint*,login-config?,security-role*,env- entry*,ejb-ref*)" What's wrong? Any hint? V

Problem with applet in jar file accessed from JSP page in area protected with a security constraint.

The problem occurs under my test environment which is a Mac Powerbook G4 running OS X 10.2.6 with Java Plug-in 1.4.1_01. I am running tomcat on this machine. I am trying to first install and then extend a web application that is deployed under tomcat 4.1.24. There is a login based configura

Re: File cannot be download with security-constraint...

Cool. Was just writing a response about the headers tomcat adds when using a security restraint. But you've already worked it out... I've only seen the problem when using IE with SSL + security constraint but i guess it's more of a general problem. :( Jon Rob Tomlin wrote: ah t

RE: File cannot be download with security-constraint...

> ah the old IE + SSL + cacheing problem ;) This seems to solve the problem: response.setHeader("Cache-Control", "public"); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]

RE: File cannot be download with security-constraint...

> ah the old IE + SSL + cacheing problem ;) I am not using SSL, I haveadding the suggested code it does not solve the problem... Cheers Rob - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL

Re: File cannot be download with security-constraint...

ah the old IE + SSL + cacheing problem ;) Try adding: final String userAgent = request.getHeader("user-agent"); if (response.containsHeader("Pragma") && userAgent!=null && userAgent.toUpperCase().indexOf("MSIE")>-1) { response.setHeader("Pragma", "public"); } Solved it for us. Jon R

File cannot be download with security-constraint...

Hi, I have a serlvet that is used to download a file to the client. I am using Tomcat 4.1.24, with IE6. All is fine when no is applied in the deployment descriptor, but when I introduce such a constraint the file cannot be downloaded. I recieve the error: Internet Explorer cannot download serv

RE: security constraint & web.xml

Thanks John - solved. -Original Message- From: John Rishea [mailto:[EMAIL PROTECTED] Sent: 14 June 2003 16:46 To: Tomcat Users List Subject: RE: security constraint & web.xml Euan, If you look at the DTD 2.3 specs, the and entries have to be placed after the entries. It&#x

RE: security constraint & web.xml

EMAIL PROTECTED] Sent: Saturday, June 14, 2003 9:41 AM To: '[EMAIL PROTECTED]' Subject: security constraint & web.xml The security constraint I am adding is screwing up my web.xml. After adding the contraint tomcat cannot find my taglibs. Any ideas? (web.xml below) Thanks, Euan

security constraint & web.xml

The security constraint I am adding is screwing up my web.xml. After adding the contraint tomcat cannot find my taglibs. Any ideas? (web.xml below) Thanks, Euan http://java.sun.com/dtd/web-app_2_3.dtd";> TestOnline Build of Test webmaster [EMAIL P

Remove role from security constraint?

Hi! Does anybody know a method to remove a role from a security constraint during runtime? I need this for disabling logins for ordinary users during special maintenance inside the application. cu, boris -- Dipl.-Inf. Boris Folgmann mailto:[EMAIL PROTECTED] Folgmann IT-Consulting

Tomcat and security-constraint

Hi all My conf: Tomcat 4.1.18 LE JDK1.4 Apache 2.0.44 with openssl mod_jk I want to secure a JSP page, but not with authentication, only with HTTPS support. So i added the lines in WEB.XML Test securing JSP pages Test securing JSP pages /jsp/users/*.jsp

Re: R: Bypassing security-constraint in 4.0.2

* Simone Chiaretta ([EMAIL PROTECTED]) wrote : > Don't know > probably it's bug of 4.0.2 > it's a very old release... I've 4.0.4, I tried bypassing the security to > test if I'm affected too > but it always ask me authentication > > I suggest that u upgrade to a newer release of the server Hi,

R: Bypassing security-constraint in 4.0.2

--- > Da: Paul Downs [mailto:[EMAIL PROTECTED] > Inviato: martedi 4 marzo 2003 12.03 > A: Tomcat Users List > Oggetto: Bypassing security-constraint in 4.0.2 > > > > Hi, > If I have the following configuration: > > > > site > /secret/* >

Bypassing security-constraint in 4.0.2

Hi, If I have the following configuration: site /secret/* administrator I get prompted for a username and password for this url: www.testing.com/secret/ but not for this: www.testing.com//secret was this a known bug, I couldn't find much about it and thoug

Re: IIS+Tomcat security constraint = Unauthorized: Logon Failed

Message - From: "Felipe" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Monday, February 10, 2003 14:39 Subject: RE: IIS+Tomcat security constraint = Unauthorized: Logon Failed > Yes. I can authenticate through the tomcat s

RE: IIS+Tomcat security constraint = Unauthorized: Logon Failed

:[EMAIL PROTECTED]] Sent: Monday, February 10, 2003 3:50 PM To: Tomcat Users List Subject: Re: IIS+Tomcat security constraint = Unauthorized: Logon Failed Can you authenticate through the Tomcat standalone port? Or does that fail as well? What method of authentication are you using? BASIC or DIGEST

Re: IIS+Tomcat security constraint = Unauthorized: Logon Failed

> Sent: Monday, February 10, 2003 09:08 Subject: RE: IIS+Tomcat security constraint = Unauthorized: Logon Failed > Yes. I have defined the user, password and role and everything else needed > to make it work on tomcat. What seems to be the problem is that IIS is > trying to authenticate

RE: IIS+Tomcat security constraint = Unauthorized: Logon Failed

the "Unauthorized: Logon Failed" error page regardless the valid user and password). I know the ISAPI filter is working because if I remove the security constraint from tomcat I can get to it and I know the tomcat security constraint is working because if I can get to it using the "st

Re: IIS+Tomcat security constraint = Unauthorized: Logon Failed

Programmer SBD Consultants http://www.sbdconsultants.com - Original Message - From: "Felipe Crochik" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, February 09, 2003 21:34 Subject: IIS+Tomcat security constraint = Unauthorized: Logon Failed > I am

IIS+Tomcat security constraint = Unauthorized: Logon Failed

I am trying to use the tomcat security constraints "behind" an IIS web server. I know tomcat and the ISAPI filter are working. Also, Tomcat authorization is working bypassing IIS using port 8080. When I try to reach the exactly same application through IIS (port 80) I get the user validation dial

RE: Security constraint problem with v4.1.18

Error messages, what happens, what doesn't happen, what should happen? Michael > -Original Message- > From: Peter Lee [mailto:[EMAIL PROTECTED]] > Sent: Freitag, 27. Dezember 2002 21:22 > To: [EMAIL PROTECTED] > Subject: RE: Security constraint problem with v4.1.1

RE: Security constraint problem with v4.1.18

ens if you don't specify these, too. Mech P.S. Merry Christmas! > -Original Message- > From: Peter Lee [mailto:[EMAIL PROTECTED]] > Sent: Mittwoch, 25. Dezember 2002 00:01 > To: [EMAIL PROTECTED] > Subject: Security constraint problem with v4.1.18 > > > I up

Security constraint problem with v4.1.18

I upgraded from 4.1.12 to 4.1.18, but I got some problems with security constraints. I have applied a security constraint on a particular url pattern. Only certain users with a special rolename can access that link. It used to work but now the page does not load with v4.1.18. Is SSL implemented

Security constraint problem with v4.1.18

I upgraded from 4.1.12 to 4.1.18, but I got some problems with security constraints. I have applied a security constraint on a particular url pattern. Only certain users with a special rolename can access that link. It used to work but now the page does not load with v4.1.18. Is SSL implemented

Security Constraint and Server.xml and Login Config

Hi , How is everyone doing, hope ok. I have this problem with trying to use Basic authentication with my web app. I have Tomcat 4.1.10 up and running on win 2000 machine using j2sdk1.4. Tomcat is listening on port 8443 for SSL connnections. I would like the browser to display a login box to

How to set up a security constraint?

BASIC Sysop Pages This is where my problem is. User admin and sysop can access both the admin and the sysop sections. I must have set the security constraint incorrect. Can someone please point out what is wrong. Thanks Alex

Re: Security Constraint in web.xml

> http://localhost:8080/test/servlet/foo) then a login page comes up and the > person has to sign in. But, if the person tries to access a different > servlet (i.e.: http://localhost:8080/test/servlet/bar) then no login page > appears. Can this be done in the security constraint in my web.xm

Security Constraint in web.xml

://localhost:8080/test/servlet/bar) then no login page appears. Can this be done in the security constraint in my web.xml? If so, how? I have tried before and keep getting errors! Thanks, Kevin Kevin Andryc Web Systems Engineer MISER http://www.umass.edu/miser/ Phone: (413)-545-3460 [EMAIL PROTECTED

Re: web.xml security-constraint bug?

OTECTED]> > To: [EMAIL PROTECTED] > Subject: web.xml security-constraint bug? > > i noticed that if you add the url-pattern /* as a web-resource-collection > in a security constraint > and you use FORM auth-method for login-config > > if form-login-page is included in the

Re: web.xml security-constraint bug?

On Thu, 1 Aug 2002 [EMAIL PROTECTED] wrote: > Date: Thu, 1 Aug 2002 18:15:17 -0400 > From: [EMAIL PROTECTED] > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: web.xml security-constraint bug? > > i noticed that if you add the url-p

web.xml security-constraint bug?

i noticed that if you add the url-pattern /* as a web-resource-collection in a security constraint and you use FORM auth-method for login-config if form-login-page is included in the same webapp, there seems to be an endless loop. is there anyway to specify an url-pattern that includes all

Re: mod_jk - not honoring security constraint

LOL - nevermind! I'm stupid - that's my problem. Tomcat doens't protect html files - and that's all there really is in the docs! Duh! All I did was prove that Apache is doing what it should do. ... which is what the logfiles told me - but I've been staring at this so long ... well, I thin

mod_jk - not honoring security constraint

Tomcat 4.0.4 - Apache 1.3.23 I got everything "working" (I thought) and then set up a BASIC auth on the entire /tomcat-docs/* path. It happily serves it without making me login. Is this me or mod_jk? Thanks, Eddie -- To unsubscribe, e-mail: For additional comm

Re: More complex security-constraint options

) I don't know if this would work but list the other jsp's in a | separate security-constraint giving everyone access to these jsps... (I | don't know if this is possible - I would do A - it better follows | MVC...) | | -Original Message- | From: Joel Baker [mailto:[EMAIL PROTE

RE: More complex security-constraint options

Joel, You could: A) Setup a servlet that just included this jsp's. B) I don't know if this would work but list the other jsp's in a separate security-constraint giving everyone access to these jsps... (I don't know if this is possible - I would do A - it better follows MV

Re: More complex security-constraint options

I want to restrict all of /*.jsp except a few jsp files that are used for logging on and such. I currently have a security-constraint doing this (restricting access to *.jsp) but of course I can't find any way of allowing the few jsps I want to publically allow. Joel. ""

RE: More complex security-constraint options

Joel, Setup a in the web.xml that includes the url that you want to restrict. -Original Message- From: Joel Baker [mailto:[EMAIL PROTECTED]] Sent: Saturday, May 04, 2002 10:24 PM To: [EMAIL PROTECTED] Subject: More complex security-constraint options Hi all, I'm trying to c

More complex security-constraint options

Hi all, I'm trying to create a web application that imposes a security constraint on all but a few of the JSP pages. I don't want to split up the application putting the non-public stuff in a private directory and only applying the security-constraint to this, as this isn't as

RE: HELP! BASIC authentication and security-constraint issue, 3.2.3

Sorry, my tomcat-users.xml should read: -Original Message- From: Roland Chan [mailto:[EMAIL PROTECTED]] Sent: April 30, 2002 1:06 PM To: '[EMAIL PROTECTED]' Subject: HELP! BASIC authentication and security-constraint issue, 3.2.3 Hello, I'm having an issue wit

HELP! BASIC authentication and security-constraint issue, 3.2.3

Hello, I'm having an issue with testing BASIC authentication with 3.2.3. Althought the window prompting for username and password appear, regardless of the values it always allows access to the requested page. Can anyone point me in the right direction. I am currently using JBOSS with embedded

RE: SingleSignOn Or Security Constraint ?

That's right. But what I actually mean is: what are the differences between 1) defining two protected areas in ONE web-app, using TWO security constraint, and 2) defining TWO web-app, using single-sign-on (which actually is not defined in web.xml, but in the server config file server.xml)

Converted: Re: SingleSignOn Or Security Constraint ?

The documents converted by Doc2pdf version 0.6.1a Doc2pdf is OpenSource Software written by Matthew Peterson. For more information please see http://doc2pdf.sourceforge.net Could not find any convertable attachments. If you are sure that you did indeed attach a file to convert, please report

Re: SingleSignOn Or Security Constraint ?

Hi, Correct me if I'm not thinking straight but doesn't the Single Sign-on and Security Constraint in the web.xml file do different things? The single sign-on allows the user to remained logged in while traversing different webapps and the Security Constraint determines who has acc

SingleSignOn Or Security Constraint ?

I just configured Single Sign on on my Tomcat4 server, and was just wondering what's the best way to chose, when I have to add a new service to my site, if just adding a security constraint, in my main Context, or configuring and using single signon, for achieving the same result! It see

Re: security-constraint and error-page

e: Mon, 18 Mar 2002 08:44:56 -0600 > From: [EMAIL PROTECTED] > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: Tomcat Users List <[EMAIL PROTECTED]> > Subject: Re: security-constraint and error-page > > > Thanks Craig. But I was wondering if there was some way

Re: security-constraint and error-page

On Mon, 18 Mar 2002 [EMAIL PROTECTED] wrote: > Date: Mon, 18 Mar 2002 08:44:56 -0600 > From: [EMAIL PROTECTED] > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: Tomcat Users List <[EMAIL PROTECTED]> > Subject: Re: security-constraint and error-page > > &g

Re: security-constraint and error-page

browser on receiving the fourth "401 Unauthorized" displays the page that came along with it? Thanks. RS "Craig R. McClanahan" <[EMAIL PROTECTED]> on 03/16/2002 04:16:31 PM Please respond to "Tomcat Users List" <[EMAIL PROTECTED]> To: Tomcat Users

Re: security-constraint and error-page

On Sat, 16 Mar 2002 [EMAIL PROTECTED] wrote: > Date: Sat, 16 Mar 2002 15:18:34 -0600 > From: [EMAIL PROTECTED] > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: Tomcat Users List <[EMAIL PROTECTED]> > Subject: Re: security-constraint and error-page >

Re: security-constraint and error-page

) Thanks. RS [EMAIL PROTECTED] on 03/12/2002 09:33:47 PM Please respond to "Tomcat Users List" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] cc: Subject: security-constraint and error-page I've setup a security constraint, with basic authentication, in a memory realm. It works

  1   2   >