Hi,

I have written a simple web-app and I have deployed it in tomcat-6.0.18. I want to ensure that a particular jsp file can't be accessed directly. As in, in the tomcat page (http://localhost:8080/) on the left side there is a link titled Status. Clicking on it brings up a log-in dialog. I want the same thing to happen if someone tries to access test.jsp directly.

I added the following role to tomcat-users.xml:

    <role rolename="manager"/>
    <user username="tomcat" password="s3cret" roles="manager"/>

I also added <auth-constraint> to my web.xml, but it is still possible to access the jsp directly by this url:

    http://localhost:8080/myApp/jsp/test.jsp

whereas I expect the jsp page to come up only when the following url is keyed in:

    http://localhost:8080/myApp/first

What should I do in order to force the user to go through the user-authentication?

Thanks in advance.

The war contents are like this:

    META-INF/
    META-INF/MANIFEST.MF
    WEB-INF/
    WEB-INF/web.xml
    WEB-INF/lib/
    WEB-INF/lib/servlet-api.jar
    WEB-INF/classes/
    WEB-INF/classes/com/
    WEB-INF/classes/com/myComp/
    WEB-INF/classes/com/myComp/MyServlet.class
    jsp/
    jsp/myfile.jsp
    jsp/some.jsp
    jsp/test.jsp
    jsp/welcome.jsp

And the web.xml looks like this:

    <?xml version="1.0" encoding="iso-8859-1"?>
    <!DOCTYPE web-app PUBLIC
        "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
        "http://java.sun.com/dtd/web-app_2_3.dtd">
    <web-app>
      <display-name>J2EE Examples Application</display-name>

      <!-- Standard Action Servlet Configuration (with debugging) -->
      <servlet>
        <servlet-name>MyServlet</servlet-name>
        <servlet-class>com.myComp.MyServlet</servlet-class>
      </servlet>

      <!-- Standard Action Servlet Mapping -->
      <servlet-mapping>
        <servlet-name>MyServlet</servlet-name>
        <url-pattern>/first</url-pattern>
      </servlet-mapping>

      <security-constraint>
        <web-resource-collection>
          <url-pattern>/jsp/test.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>manager</role-name>
        </auth-constraint>
      </security-constraint>

      <security-role>
        <description>
          The role that is required to log in to the Manager Application
        </description>
        <role-name>manager</role-name>
      </security-role>
    </web-app>

--
View this message in context: http://www.nabble.com/How-to-enforece-status-like-manager-authentication-for-my-web-app--tp21623099p21623099.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
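
An added example, not part of the original message: a small Python check run over the security elements of the web.xml posted above. It flags a web-resource-collection without the web-resource-name that the 2.3 DTD requires and an auth-constraint with no login-config naming an authentication method; REVISED and its realm name are constructed sample values, and audit() is a hypothetical helper.

```python
import xml.etree.ElementTree as ET

# web.xml from the post above, trimmed to its security-related elements.
POSTED = b"""<?xml version="1.0" encoding="iso-8859-1"?>
<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/jsp/test.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>manager</role-name></security-role>
</web-app>"""

# Constructed variant: same constraint plus the elements the checks look for.
# The resource name and realm name are made-up sample values.
REVISED = POSTED.replace(
    b"<url-pattern>",
    b"<web-resource-name>test page</web-resource-name><url-pattern>",
).replace(
    b"<security-role>",
    b"<login-config><auth-method>BASIC</auth-method>"
    b"<realm-name>myApp</realm-name></login-config><security-role>",
)


def audit(web_xml: bytes) -> list[str]:
    """Return findings for a namespace-free (Servlet 2.3 DTD) web.xml."""
    root = ET.fromstring(web_xml)
    findings = []
    declared = {r.findtext("role-name", "").strip()
                for r in root.findall("security-role")}
    constraints = root.findall("security-constraint")
    for sc in constraints:
        for wrc in sc.findall("web-resource-collection"):
            patterns = [(p.text or "").strip() for p in wrc.findall("url-pattern")]
            if wrc.find("web-resource-name") is None:
                findings.append(f"{patterns}: web-resource-name missing (required by the 2.3 DTD)")
            if wrc.findall("http-method"):
                findings.append(f"{patterns}: http-method listed, other methods are not constrained")
        for role in sc.findall("auth-constraint/role-name"):
            name = (role.text or "").strip()
            if name != "*" and name not in declared:
                findings.append(f"role {name!r} has no security-role declaration")
    # An auth-constraint only names roles; login-config names how users log in.
    if constraints and not root.findtext("login-config/auth-method"):
        findings.append("auth-constraint present but no login-config/auth-method is declared")
    return findings
```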