The best way to ensure safety, in my opinion, is to use a front controller that acts as a traffic cop, sending all traffic to a presentation tier kept under WEB-INF.

On 4/13/05, Ikonne, Ike <[EMAIL PROTECTED]> wrote:
> Hi Fritz,
>
> So, are you saying that I have to have basic authentication enabled in order
> to restrict access to certain directories?
>
> Thanks,
>
> Ike
>
>
> -----Original Message-----
> From: Fritz Schneider [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, April 13, 2005 11:04 AM
> To: 'Tomcat Users List'
> Subject: RE: How do I restrict access to webapps applications from
> browser users?
>
> Ike.
>
> You need to complete your <security-constraint> with authorization, login,
> and role information. Here is what works for me:
>
> <!-- Define a Security Constraint on this Application -->
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>Restricted Files</web-resource-name>
>     <url-pattern>/*</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>     <!-- NOTE: This role is not present in the default users file -->
>     <role-name>app1</role-name>
>   </auth-constraint>
> </security-constraint>
>
> <!-- Define the Login Configuration for this Application -->
> <login-config>
>   <auth-method>BASIC</auth-method>
>   <realm-name>My Application</realm-name>
> </login-config>
>
> <!-- Security roles referenced by this web application -->
> <security-role>
>   <description>
>     The role that is required to log in to the application
>   </description>
>   <role-name>app1</role-name>
> </security-role>
>
> You might also want to check out the single login valve.
>
> Fritz
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>

--
"You can lead a horse to water but you cannot make it float on its back."
~Dakota Jack~
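
The front-controller arrangement suggested at the top of this message, as an added example that is not part of the original thread. The class name, the `/app/*` servlet mapping and the JSP paths are assumptions made for illustration; it uses the `javax.servlet` API (on Tomcat 10 and later the package is `jakarta.servlet`).

```java
// Added example: a front controller that forwards to views kept under WEB-INF.
// FrontController, the /app/* mapping and the JSP paths are hypothetical names.
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class FrontController extends HttpServlet {

    // Fixed allow-list: route -> view under WEB-INF.
    // The client only ever supplies a key into this map, never a file path,
    // so a request cannot name an arbitrary resource to forward to.
    private static final Map<String, String> VIEWS = Map.of(
        "/home",    "/WEB-INF/views/home.jsp",
        "/account", "/WEB-INF/views/account.jsp");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // With the servlet mapped to /app/*, getPathInfo() is the part
        // of the URL after /app (null when nothing follows it).
        String route = req.getPathInfo();
        String view = (route == null) ? null : VIEWS.get(route);
        if (view == null) {
            // Unknown route: answer 404 rather than guessing a view.
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // The container refuses direct client requests for /WEB-INF/*,
        // but a server-side forward is allowed to reach those files.
        req.getRequestDispatcher(view).forward(req, resp);
    }
}
```

With this layout a browser request for `/WEB-INF/views/account.jsp` is refused by the container, so every page view has to pass through the controller, which is the single place to put authorization checks.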