Chris,

On 3/4/13 4:54 PM, Chris Fors wrote:
>> Date: Mon, 4 Mar 2013 23:32:34 +0100
>> From: a...@ice-sa.com
>> To: users@tomcat.apache.org
>> Subject: Re: Tomcat Built-in WinAuth - NEW THREAD
>>
>> Mark Thomas wrote:
>>> On 04/03/2013 21:47, Chris Fors wrote:
>>>> Could you please expand on what constraints you were referring to
>>>
>>> Security constraints in web.xml
>>>
>>>> and how they are best implemented, where, and in what syntax e.g. if implemented in web.xml what are the correct tags.
>>>
>>> All defined in the Servlet spec.
>>>
>>>> If implemented in web.xml what are the correct tags. I have not found this clarified anywhere, yet.
>>>
>>> Again, see the servlet spec.
>>
>> You will find an example in the "manager" webapp that comes with Tomcat. Look at (tomcat)/webapps/manager/WEB-INF/web.xml, parts like this :
>>
>> <security-constraint>
>>   <web-resource-collection>
>>     <web-resource-name>HTML Manager interface (for humans)</web-resource-name>
>>     <url-pattern>/html/*</url-pattern>
>>   </web-resource-collection>
>>   <auth-constraint>
>>     <role-name>manager-gui</role-name>
>>   </auth-constraint>
>> </security-constraint>
>>
>> In not-quite-technical terms :
>>
>> The above, present at the level of the webapp, specifies a "role" which the authenticated user must have, in order to be able to access this part of the webapp. To determine if the user has that role, Tomcat must first know the user. This is what "triggers" the authentication mechanism. If nothing forces Tomcat to authenticate the user of this webapp, the authentication method may well be specified, but it will not be invoked.
>>
> Was hoping to not have to hunt through the complete JSR 315 specification. I will give the constraint model above a shot tomorrow. Thanks, Chris

Honestly, it's like 3 pages of reading, most of which is tables and examples.
Reading the servlet spec (it's not your average spec: mere mortals *can* read and understand it) should be required in order to develop web applications.

-chris
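
The point made in the quoted explanation, that a configured authentication method is never invoked unless a security constraint demands a role, can be checked mechanically against a web.xml. The following is an added example, not part of the original thread or of Tomcat; the function names and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: an auth method is configured but nothing requires a role.
NO_TRIGGER = """<web-app>
  <login-config><auth-method>SPNEGO</auth-method></login-config>
</web-app>"""

# Constructed sample modelled on the manager webapp fragment quoted above.
WITH_TRIGGER = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTML Manager interface (for humans)</web-resource-name>
      <url-pattern>/html/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager-gui</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""


def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def find_all(elem, name):
    """Return elem and its descendants whose local tag name matches."""
    return [e for e in elem.iter() if local(e.tag) == name]


def audit_web_xml(xml_text):
    """Return (auth_method, protected, findings) for a web.xml document."""
    root = ET.fromstring(xml_text)
    methods = find_all(root, "auth-method")
    auth_method = (methods[0].text or "").strip() if methods else None
    protected = {}  # url-pattern -> roles required to reach it
    for sc in find_all(root, "security-constraint"):
        auth = find_all(sc, "auth-constraint")
        if not auth:
            continue  # no auth-constraint: nothing here forces a login
        roles = [(r.text or "").strip() for r in find_all(auth[0], "role-name")]
        for pat in find_all(sc, "url-pattern"):
            protected[(pat.text or "").strip()] = roles
    findings = []
    if auth_method and not protected:
        findings.append("login-config present but no auth-constraint: "
                        "authentication is never triggered")
    return auth_method, protected, findings
```
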