>-----Original Message----- >From: Christopher Schultz [mailto:ch...@christopherschultz.net] >Sent: Friday, November 30, 2012 3:39 PM >To: Tomcat Users List >Subject: Re: Context Path for a subdirectory > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Chuck, > >On 11/30/12 5:25 PM, Caldarale, Charles R wrote: >>> From: Christopher Schultz [mailto:ch...@christopherschultz.net] >>> Subject: Re: Context Path for a subdirectory >> >>> I don't think it's specifically /un/supported. >> >>> For instance, Tomcat should happily deploy both of these files: >> >>> myapp.war myapp#static.war >> >> That's not what's being discussed. You're describing logically nested >> paths, which is fully supported; the topic under discussion is >> physical (file system) nesting of one webapp inside another. > >There's definitely come nomenclature confusion going-on in this thread. For >example: > >> On 11/29/12 3:14 PM, Calderale, Charles R wrote: >>> From: Leo Donahue - RDSA IT [mailto:leodona...@mail.maricopa.gov] >>> Subject: Context Path for a subdirectory >> >>> If I have a webapp, with a www directory, and in that www directory >>> are other directories, how would I restrict access to one of those >>> subdirectories to the localhost? >>> >>> [...] >>> >>> Is the context path of directory1: /webapp1/directory1 >> >> No, it's /webapp1/www/directory1. > >The context path for the webapp is "/webapp1", not >"/webapp1/www/directory1". > >As you say, you can't just cause a new webapp context to spring-forth from >another by adding a context.xml file to it. Explicitly deploying a >subdirectory of >an existing webapp using >CATALINA_BASE/conf/Catalina/localhost/webapp#www#directory1.xml with >path=${catalina.base}/webapps/webapp1/www/directory1" would probably >work, but it is, of course, totally stupid to do things that way. > >I think OP was just trying to treat a subdirectory as a distinct webapp because >(maybe?) that seemed like an easier way to restrict access. I can imagine this >being conflated with, say, Apache httpd's ability to specify authentication >requirements by dropping an .htaccess file into a directory. Obviously that's >not how Tomcat does things. > >I think this is yet another instance of someone not understanding that a >"webapp" is more than just set of files and subdirectories rooted somewhere >on the filesystem. Honestly, Leo should know better after all the time he's >been hanging around the list ;) > >- -chris
Dang it. Ok, so before I upgraded to Tomcat 7.0.33 to use the container supplied remote address filter, what were my options to restrict access to just a subdirectory of a web app in Tomcat 6.0.35? I'll admit, contexts are confusing to me. You can create contexts in conf\Catalina\localhost that map to places that are not even in the webapps folder, but expose themselves as a URL to the end user. My thought was if I could create a context that mapped to a subdirectory, I could create a valve that restricted access to that URL. What is the right way to do this in Tomcat 6.0.35?
