Re: Securing A Directory Listing

2010-10-25 Thread Keith Masten
Great observations Chuck, I will take a look these items. On Mon, Oct 25, 2010 at 11:22 AM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Keith Masten [mailto:spmdt...@gmail.com] > > Subject: Re: Securing A Directory Listing > > > when I attemp

RE: Securing A Directory Listing

2010-10-25 Thread Caldarale, Charles R
> From: Keith Masten [mailto:spmdt...@gmail.com] > Subject: Re: Securing A Directory Listing > when I attempt to access the application with the > fictitious 'bob' user account, the standard login > dialog is presented to me over and over. Is your webapp discarding t

Re: Securing A Directory Listing

2010-10-25 Thread Keith Masten
sndev-offshore > > > > When prompted for username/password, I use what has been defined in the > tomcat-users.xml file and that does not work. It would appear that it is > not even referencing the > list. > > > > > > > On Thu, Oct 21, 2010 at 3:23 PM

Re: Securing A Directory Listing

2010-10-22 Thread Keith Masten
On Thu, Oct 21, 2010 at 3:23 PM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Keith Masten [mailto:spmdt...@gmail.com] > > Subject: Re: Securing A Directory Listing > > > The realm definition for this tomcat instance is in > > the serv

RE: Securing A Directory Listing

2010-10-21 Thread Caldarale, Charles R
> From: Keith Masten [mailto:spmdt...@gmail.com] > Subject: Re: Securing A Directory Listing > The realm definition for this tomcat instance is in > the server.xml. That partially answers the question. As the doc says: "You may nest a Realm inside any Catalina container

Re: Securing A Directory Listing

2010-10-21 Thread Keith Masten
prompted, I should enter id - bob, pw - bob according to my tomcat-users.xml, correct??? On Thu, Oct 21, 2010 at 2:18 PM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Keith Masten [mailto:spmdt...@gmail.com] > > Subject: Re: Securing A Directory Listing >

RE: Securing A Directory Listing

2010-10-21 Thread Caldarale, Charles R
> From: Keith Masten [mailto:spmdt...@gmail.com] > Subject: Re: Securing A Directory Listing > login dialog is presented, but no matter what Id/pw I > provide I cannot login. For initial testing purposes, try BASIC for the and put unencrypted passwords in the list. Once th

Re: Securing A Directory Listing

2010-10-21 Thread Keith Masten
>> >> >> On Thu, Oct 21, 2010 at 9:16 AM, Caldarale, Charles R < >> chuck.caldar...@unisys.com> wrote: >> >>> > From: Keith Masten [mailto:spmdt...@gmail.com] >>> > Subject: Re: Securing A Directory Listing >>> >>> > This d

Re: Securing A Directory Listing

2010-10-21 Thread Keith Masten
21, 2010 at 9:16 AM, Caldarale, Charles R < > chuck.caldar...@unisys.com> wrote: > >> > From: Keith Masten [mailto:spmdt...@gmail.com] >> > Subject: Re: Securing A Directory Listing >> >> > This does not work. >> >> Be more specific. >&g

Re: Securing A Directory Listing

2010-10-21 Thread Keith Masten
Thank you for pointing that out Chuck, I will make that adjustment. On Thu, Oct 21, 2010 at 9:16 AM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Keith Masten [mailto:spmdt...@gmail.com] > > Subject: Re: Securing A Directory Listing > > > This

Re: Securing A Directory Listing

2010-10-21 Thread Keith Masten
source-collection, >>> the default behavior is that all methods are protected. >>> If you specify one or more http-methods, the behavior is that those >>> specified are protected, and any that are not specified are not >>> protected. >>> >>> Rebecca

RE: Securing A Directory Listing

2010-10-21 Thread Caldarale, Charles R
> From: Keith Masten [mailto:spmdt...@gmail.com] > Subject: Re: Securing A Directory Listing > This does not work. Be more specific. > /applogs/* I suspect you erroneously included the path to the webapp in the above. I you specify just "/*", the entire webapp w

Re: Securing A Directory Listing

2010-10-21 Thread Edson Carlos Ericksson Richter
sage- From: Edson Carlos Ericksson Richter [mailto:edsonrich...@hotmail.com] Sent: Wednesday, October 20, 2010 2:15 PM To: users@tomcat.apache.org Subject: Re: Securing A Directory Listing Sure, there are more HTTP methods that someone would want to protect from. Thanks for pointing out. Reg

Re: Securing A Directory Listing

2010-10-21 Thread Keith Masten
ah > > > > -Original Message- > From: Edson Carlos Ericksson Richter [mailto:edsonrich...@hotmail.com] > Sent: Wednesday, October 20, 2010 2:15 PM > To: users@tomcat.apache.org > Subject: Re: Securing A Directory Listing > > Sure, there are more HTTP methods th

RE: Securing A Directory Listing

2010-10-20 Thread Prastein, Rebeccah H
d are not protected. Rebeccah -Original Message- From: Edson Carlos Ericksson Richter [mailto:edsonrich...@hotmail.com] Sent: Wednesday, October 20, 2010 2:15 PM To: users@tomcat.apache.org Subject: Re: Securing A Directory Listing Sure, there are more HTTP methods that someone would wa

Re: Securing A Directory Listing

2010-10-20 Thread Edson Carlos Ericksson Richter
Sure, there are more HTTP methods that someone would want to protect from. Thanks for pointing out. Regards, Edson. Em 20/10/2010 18:51, Mark Thomas escreveu: On 20/10/2010 15:09, Edson Carlos Ericksson Richter wrote: Secure Area /mysecurearea GET Bad advice. Don't put the http-method in

Re: Securing A Directory Listing

2010-10-20 Thread Mark Thomas
On 20/10/2010 15:09, Edson Carlos Ericksson Richter wrote: > > Secure Area > > /mysecurearea > GET > Bad advice. Don't put the http-method in there. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For add

Re: Securing A Directory Listing

2010-10-20 Thread Edson Carlos Ericksson Richter
It's easy: 1) Setup a Realm (http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html) 2) In web.xml, add security entries like: SecureAreaConstraint Secure Area /mysecurearea GET Only authorized users. MY_USERS NONE BASIC NAME_YOUR_REALM Access to secure area. MY_USERS (be sure

RE: Securing A Directory Listing

2010-10-20 Thread Caldarale, Charles R
> From: Keith Masten [mailto:spmdt...@gmail.com] > Subject: Re: Securing A Directory Listing > I want to password protect the directory, so that consumers > will be required to blogin for viewing of this data. Ok, that makes more sense. Can you post your webapp's WEB-INF/w

Re: Securing A Directory Listing

2010-10-20 Thread Keith Masten
I left out something Mark, so I am glad to chose to comment on this. I want to password protect the directory, so that consumers will be required to login for viewing of this data. On Wed, Oct 20, 2010 at 2:29 PM, Mark Thomas wrote: > On 20/10/2010 11:50, Keith Masten wrote: > > I would like to

RE: Securing A Directory Listing

2010-10-20 Thread Caldarale, Charles R
> From: Mark Thomas [mailto:ma...@apache.org] > Subject: Re: Securing A Directory Listing > On 20/10/2010 11:50, Keith Masten wrote: > > I would like to know how to secure a directory listing > > for read-only access. > OK, I'll bite. How is a directory listing any

Re: Securing A Directory Listing

2010-10-20 Thread Mark Thomas
On 20/10/2010 11:50, Keith Masten wrote: > I would like to know how to secure a directory listing for read-only access. OK, I'll bite. How is a directory listing anything other than read-only? Mark > I have tried many variations in the web.xml using file based realms and none > of these have wor

Securing A Directory Listing

2010-10-20 Thread Keith Masten
I would like to know how to secure a directory listing for read-only access. I have tried many variations in the web.xml using file based realms and none of these have worked. I attempted the BASIC and DIGEST method configurations. Any assistance provided would be greatly appreciated. Tomcat Ver