Great observations Chuck, I will take a look these items.
On Mon, Oct 25, 2010 at 11:22 AM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:
> > From: Keith Masten [mailto:spmdt...@gmail.com]
> > Subject: Re: Securing A Directory Listing
>
> > when I attemp
> From: Keith Masten [mailto:spmdt...@gmail.com]
> Subject: Re: Securing A Directory Listing
> when I attempt to access the application with the
> fictitious 'bob' user account, the standard login
> dialog is presented to me over and over.
Is your webapp discarding t
sndev-offshore
>
>
>
> When prompted for username/password, I use what has been defined in the
> tomcat-users.xml file and that does not work. It would appear that it is
> not even referencing the
> list.
>
>
>
>
>
>
> On Thu, Oct 21, 2010 at 3:23 PM
On Thu, Oct 21, 2010 at 3:23 PM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:
> > From: Keith Masten [mailto:spmdt...@gmail.com]
> > Subject: Re: Securing A Directory Listing
>
> > The realm definition for this tomcat instance is in
> > the serv
> From: Keith Masten [mailto:spmdt...@gmail.com]
> Subject: Re: Securing A Directory Listing
> The realm definition for this tomcat instance is in
> the server.xml.
That partially answers the question. As the doc says: "You may nest a Realm
inside any Catalina container
prompted, I should enter
id - bob, pw - bob according to my tomcat-users.xml, correct???
On Thu, Oct 21, 2010 at 2:18 PM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:
> > From: Keith Masten [mailto:spmdt...@gmail.com]
> > Subject: Re: Securing A Directory Listing
>
> From: Keith Masten [mailto:spmdt...@gmail.com]
> Subject: Re: Securing A Directory Listing
> login dialog is presented, but no matter what Id/pw I
> provide I cannot login.
For initial testing purposes, try BASIC for the and put
unencrypted passwords in the list. Once th
>>
>>
>> On Thu, Oct 21, 2010 at 9:16 AM, Caldarale, Charles R <
>> chuck.caldar...@unisys.com> wrote:
>>
>>> > From: Keith Masten [mailto:spmdt...@gmail.com]
>>> > Subject: Re: Securing A Directory Listing
>>>
>>> > This d
21, 2010 at 9:16 AM, Caldarale, Charles R <
> chuck.caldar...@unisys.com> wrote:
>
>> > From: Keith Masten [mailto:spmdt...@gmail.com]
>> > Subject: Re: Securing A Directory Listing
>>
>> > This does not work.
>>
>> Be more specific.
>&g
Thank you for pointing that out Chuck, I will make that adjustment.
On Thu, Oct 21, 2010 at 9:16 AM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:
> > From: Keith Masten [mailto:spmdt...@gmail.com]
> > Subject: Re: Securing A Directory Listing
>
> > This
source-collection,
>>> the default behavior is that all methods are protected.
>>> If you specify one or more http-methods, the behavior is that those
>>> specified are protected, and any that are not specified are not
>>> protected.
>>>
>>> Rebecca
> From: Keith Masten [mailto:spmdt...@gmail.com]
> Subject: Re: Securing A Directory Listing
> This does not work.
Be more specific.
> /applogs/*
I suspect you erroneously included the path to the webapp in the above. I you
specify just "/*", the entire webapp w
sage-
From: Edson Carlos Ericksson Richter [mailto:edsonrich...@hotmail.com]
Sent: Wednesday, October 20, 2010 2:15 PM
To: users@tomcat.apache.org
Subject: Re: Securing A Directory Listing
Sure, there are more HTTP methods that someone would want to protect
from.
Thanks for pointing out.
Reg
ah
>
>
>
> -Original Message-
> From: Edson Carlos Ericksson Richter [mailto:edsonrich...@hotmail.com]
> Sent: Wednesday, October 20, 2010 2:15 PM
> To: users@tomcat.apache.org
> Subject: Re: Securing A Directory Listing
>
> Sure, there are more HTTP methods th
d are not
protected.
Rebeccah
-Original Message-
From: Edson Carlos Ericksson Richter [mailto:edsonrich...@hotmail.com]
Sent: Wednesday, October 20, 2010 2:15 PM
To: users@tomcat.apache.org
Subject: Re: Securing A Directory Listing
Sure, there are more HTTP methods that someone would wa
Sure, there are more HTTP methods that someone would want to protect from.
Thanks for pointing out.
Regards,
Edson.
Em 20/10/2010 18:51, Mark Thomas escreveu:
On 20/10/2010 15:09, Edson Carlos Ericksson Richter wrote:
Secure Area
/mysecurearea
GET
Bad advice. Don't put the http-method in
On 20/10/2010 15:09, Edson Carlos Ericksson Richter wrote:
>
> Secure Area
>
> /mysecurearea
> GET
>
Bad advice. Don't put the http-method in there.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For add
It's easy:
1) Setup a Realm (http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html)
2) In web.xml, add security entries like:
SecureAreaConstraint
Secure Area
/mysecurearea
GET
Only authorized users.
MY_USERS
NONE
BASIC
NAME_YOUR_REALM
Access to secure area.
MY_USERS
(be sure
> From: Keith Masten [mailto:spmdt...@gmail.com]
> Subject: Re: Securing A Directory Listing
> I want to password protect the directory, so that consumers
> will be required to blogin for viewing of this data.
Ok, that makes more sense. Can you post your webapp's WEB-INF/w
I left out something Mark, so I am glad to chose to comment on this. I want
to password protect the directory, so that consumers will be required to
login for viewing of this data.
On Wed, Oct 20, 2010 at 2:29 PM, Mark Thomas wrote:
> On 20/10/2010 11:50, Keith Masten wrote:
> > I would like to
> From: Mark Thomas [mailto:ma...@apache.org]
> Subject: Re: Securing A Directory Listing
> On 20/10/2010 11:50, Keith Masten wrote:
> > I would like to know how to secure a directory listing
> > for read-only access.
> OK, I'll bite. How is a directory listing any
On 20/10/2010 11:50, Keith Masten wrote:
> I would like to know how to secure a directory listing for read-only access.
OK, I'll bite. How is a directory listing anything other than read-only?
Mark
> I have tried many variations in the web.xml using file based realms and none
> of these have wor
22 matches
Mail list logo
