I do not necessarely want the context /secure, but I want that all files in the directory webapp/secure are protected.
Do I still need two web.xml files? I do I include webapp/secure into the root context? Thanks -- Rosaria -----Original Message----- From: Jon Eaves [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 17, 2003 3:52 PM To: Tomcat Users List Subject: Re: problems with web.xml and security You need 2 web.xml files. In / (or ROOT) for the context that maps to http://my.domain.com/ and in the web application defined by the context /secure which may be in the subdirectory webapps/secure, or it may be webapps/secure.war, or it may be webapps/somethingelse and have <Context> element in conf/server.xml point to the appropriate web application. This will map to http://my.domain.com/secure Remember, we're talking about web applications, and *not* directories. So, in the web application that you have defined to be the context /secure, put the security constraint of /* That will apply to all file *in that context*. Different contexts have different web.xml files. Directories are only relevant _within_ a web application. Cheers, -- jon Rosaria Silipo wrote: > > Sorry, my mistake! > It worked because in the meantime I removed /secure. > If I rebuild /secure, I can still access it without being authenticated. > > Summary: I have web.xml for / and web.xml for /secure. > Without web.xml in /secure/web/WEB-INF I can not build /secure in the > web application. > > How do I include /secure in the root web application? > > Thanks > > -- Rosaria > > > -----Original Message----- > From: Jon Eaves [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 17, 2003 3:04 PM > To: Tomcat Users List > Subject: Re: problems with web.xml and security > > Rosaria Silipo wrote: > > >>Thanks Carl, >> >>Yes, I tried to see /secure as first thing and I can see it without >>authentication. >>I tried to close browser and restart it and I still could see it. >>Maybe the problem is on the web.xml of /secure. Is it possible? >> >>-- Rosaria > > > If I'm reading your sentence correctly, then yes. > > If /secure is a different web application than / (or ROOT) > then the different contexts will process different web.xml files. > > The /* is relative to the root of the web application, not to > the Tomcat installation. > > Cheers, > -- jon > -- Jon Eaves <[EMAIL PROTECTED]> http://www.eaves.org/jon Co-Author of "Apache Tomcat Bible", Wiley 2003 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]