The easy way is to use a reverse proxy as apache2 in front-side, in another words, use the traditional apache2 with modproxy to display the tomcat6 pages. Its very easy to do it!
2013/2/14 Dennis Gormley <gorm...@hslc.org> > > Hello; > > I've been struggling with this for a couple of weeks now. I've searched > web sites, forums and lists, but I can't seem to find the information I > want. > > We have two web sites on a Tomcat 5.5 server (virtual hosts?). I didn't > set up the server, but I've been tasked to password protect a directory on > one of the sites. I've already successfully password protected a directory > one site (site1) using a MemoryRealm, , but would like to protect another > site (site2). > > Here are the working <security-constraint> , <login-config>, and > <security-role> sections challange for UN/PW when a user tries to access > the directory on site1. It's located in > D:\Program Files\Apache Software Foundation\Tomcat 5.5\conf\web.xml > > <!-- Begin code modified 20090320 by DJG to password protect Millennium > user directory --> > > <security-constraint> > <web-resource-collection> > <web-resource-name>Test Application</web-resource-* > *name> > <url-pattern>/site1_staff/*</**url-pattern> > > </web-resource-collection> > <auth-constraint> > <role-name>site1staff</role-**name> > </auth-constraint> > > </security-constraint> > > <login-config> > <auth-method>BASIC</auth-**method> > <realm-name>Site1 Users</realm-name> > </login-config> > > <security-role> > <description>The role that is required to log in to > the Manager Application</description> > <role-name>site1staff</role-**name> > </security-role> > > <!-- End code modified 20090320 by DJG to password protect Millennium user > directory --> > > I tried to just change the relevant arguments of D:\Program Files\Apache > Software Foundation\Tomcat 5.5\conf\web.xml so a directory on a site2 was > password protected, but changing it (and restarting the tomcat server) did > not produce a challenge when going to this directory > > <!-- Begin code modified 20120214 by DJG to password protect AskherePA > staff directory --> > > <security-constraint> > <web-resource-collection> > <web-resource-name>Test Application</web-resource- > **name> > <url-pattern>/site2/**site2staff/*</url-pattern> > > </web-resource-collection> > <auth-constraint> > <role-name>site2staff</role-**name> > </auth-constraint> > > </security-constraint> > > <login-config> > <auth-method>BASIC</auth-**method> > <realm-name>Site2 Staff</realm-name> > </login-config> > > <security-role> > <description>The role that is required to log in to > the Manager Application</description> > <role-name>site2staff</role-**name> > </security-role> > > <!-- End code modified 220120214 by DJG to password protect AskherePA > staff directory --> > > Here's the D:\Program Files\Apache Software Foundation\Tomcat > 5.5\conf\tomcat-users.xml file > > <?xml version='1.0' encoding='utf-8'?> > <tomcat-users> > <role rolename="site1staff"/> > <role rolename="site2staff"/> > <role rolename="tomcat"/> > > > > <user username="tomcat" password="tomcat" roles="tomcat"/> > <user username="site1UN" password="site1PW" roles="site1staff"/> > <user username="site2UN" password="site2PW" roles="site2staff"/> > </tomcat-users> > > The two directories appear in D:\Program Files\Apache Software > Foundation\Tomcat 5.5\webapps\cfusion\site1_**staff and D:\Program > Files\Apache Software Foundation\Tomcat 5.5\webapps\cfusion\site2\** > site2staff > > > Of course, I would ideally like to password protect both directories on > both sites (and other directories on other sites as well), but if I can get > this working for now, my boss'll be happy! > > Thanks! > > Dennis Gormley > > ------------------------------**------------------------------**--------- > To unsubscribe, e-mail: > users-unsubscribe@tomcat.**apache.org<users-unsubscr...@tomcat.apache.org> > For additional commands, e-mail: users-h...@tomcat.apache.org > >