If you are using Tomcat in standalone mode, you can put something similar to
the following in your web.xml file to do that. For more information, check
out the Servlet 2.3 spec which you can get at the following URL.
http://jcp.org/aboutJava/communityprocess/first/jsr053/index.html
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd";>
<web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/index.html</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Protected Area</realm-name>
</login-config>
</web-app>
Jon
----- Original Message -----
From: "Rob Cartier" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, September 21, 2001 8:39 AM
Subject: Tomcat: can I use .htaccess files to protect html files
> I was looking through and trying to apply minimal security
> to a directory like I do in apache . But so far I am not able
> to get it to work on tomcat 4.0
>
> any pointers
>
> .htaccess file is stored in the directory I am trying to secure
>
> AuthUserFile /var/www/passfile*
> AuthGroupFile /dev/null
> AuthName Protected Area
> AuthType Basic
> <Limit GET POST>
> require valid-user
> </Limit>
>
> Any ideas ??
>
> Rob
>
