Zohar Amir a écrit : > Thank you again, > I've set a security-constraint on the context (in the web.xml), and it > works OK now. > What I'd like to know is: > 1. Can I do it anywhere else other than the web.xml, so that the > deployer can control this and not the developer?
No, but on some webapplication container there is the possibility to map from application roles to real roles (eg, the 'admin' role of app XYZ is in fact the role PublicationManager). But am not sure tomcat handles this. > 2. Can I set it for a group of contexts, so that they will all be able > to use request.getPricipal() and have the user name that logged in? When authenticated, request.getPrincipal() returns the authenticated principal > > > ----- Original Message ----- From: "David Delbecq" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <users@tomcat.apache.org> > Sent: Wednesday, February 15, 2006 3:05 PM > Subject: Re: password protection > > >> http://www.onjava.com/pub/a/onjava/2001/07/24/tomcat.html >> http://www.cafesoft.com/products/cams/tomcat-security.html >> >> for other ones, use favorite search engine. >> >> Zohar Amir a écrit : >> >>> Thanks, >>> Where can I find info on how exactly to do this? maybe an example...? >>> ----- Original Message ----- From: "David Delbecq" <[EMAIL PROTECTED]> >>> To: "Tomcat Users List" <users@tomcat.apache.org> >>> Sent: Wednesday, February 15, 2006 2:52 PM >>> Subject: Re: password protection >>> >>> >>>> Zohar Amir a écrit : >>>> >>>>> Hello, >>>>> I'm using tomcat 5.5.15 on Win XP. >>>>> I have a servlet that is deployed on a certain context. I would like >>>>> anyone trying to use that servlet use a username-password. how do >>>>> I do >>>>> this? >>>> >>>> >>>> >>>> set a security-constrain in WEB-INF/web.xml >>>> >>>>> What if I need to protect a jsp that is part of the servlet? >>>> >>>> >>>> >>>> You mean to prevent direct loading of a jsp included by your servlet? >>>> Same thing, add a security-constraint to the url of your jsp. >>>> >>>>> Thanks, >>>>> Zohar. >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>>> For additional commands, e-mail: [EMAIL PROTECTED] >>>>> >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>> For additional commands, e-mail: [EMAIL PROTECTED] >>>> >>>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
