On 18/08/2010 12:16, K A wrote:
>
> In /tomcat/Webapps/Projectname/web-inf:

Capitals matter. WEB-INF is the correct directory name.

> I have inserted this part:
> ....
> - <!--inserted from here -->
> - <security-constraint>
> - <web-resource-collection>
> <web-resource-name>user open part</web-resource-name>
> <url-pattern>/Server/user/*</url-pattern>
> </web-resource-collection>
> - <auth-constraint>
> <role-name>user</role-name>
> <role-name>admin</role-name>
> </auth-constraint>
> </security-constraint>
> - <security-constraint>
> - <web-resource-collection>
> <web-resource-name>admin closed part</web-resource-name>
> <url-pattern>/Server/admin/*</url-pattern>
> </web-resource-collection>
> - <auth-constraint>
> <role-name>admin</role-name>
> </auth-constraint>
> </security-constraint>
> - <login-config>
> <auth-method>FORM</auth-method>
> - <form-login-config>
> <form-login-page>/Server/index.jsp</form-login-page>
> <form-error-page>/Server/index.jsp</form-error-page>

Paths are relative, I'd also recommend putting two separate files in a
location that can't be directly requested. e.g.

 /WEB-INF/login/form.jsp
 /WEB-INF/login/error.jsp

> </form-login-config>
> </login-config>
>
> - <security-role>
> <role-name>admin</role-name>
> <role-name>user</role-name>
> </security-role>
> - <!--inserted to here -->
>
> - <servlet>
> ...
>
>
> In /tomcat/Conf/web.xml:

Don't do that. Also, it should be 'conf'.


p

> I have inserted this part:
> .................
>
> <!--inserted from here-->
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>user open part</web-resource-name>
> <url-pattern>/Server/user/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>user</role-name>
> <role-name>admin</role-name>
> </auth-constraint>
> </security-constraint>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>admin closed part</web-resource-name>
> <url-pattern>/Server/admin/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>admin</role-name>
> </auth-constraint>
> </security-constraint>
> <login-config>
> <auth-method>FORM</auth-method>
> <form-login-config>
> <form-login-page>/Server/index.jsp</form-login-page>
> <form-error-page>/Server/index.jsp</form-error-page>
> </form-login-config>
> </login-config>
> <security-role>
> <role-name>admin</role-name>
> <role-name>user</role-name>
> </security-role>
> <!--inserted to here-->
>
> <servlet>
> <servlet-name>default</servlet-name>
> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
> <init-param>
> ......
>
>> Date: Wed, 18 Aug 2010 12:00:39 +0100
>> From: p...@pidster.com
>> To: users@tomcat.apache.org
>> Subject: Re: Configure read/write-access in TomCat
>>
>> On 18/08/2010 10:44, K A wrote:
>>>
>>> Hello
>>>
>>> I've developed a web-application in which I'd like to have some control of
>>> which resources are accessed by whom. My project is called "Server" in
>>> which I've got 3 directories: "/user" which all roles are allowed to
>>> access, "/admin" which ONLY administrators are allowed to access and
>>> "resources" in which I've got some files which users are allowed to read
>>> and administrators are allowed to both read and write.
>>>
>>> I'm using a FORM to login. The form action is "POST" and the action is
>>> "j_security_check", the username field's name is "j_username" and the
>>> password field's is "j_password".
>>> I've implemented a security-check in the jsp-file itself where I'm checking
>>> for the type of login the current user has. If the type is approved then the
>>> user is allowed to access the page.
>>>
>>> But when I test the application and try to access the files in the other
>>> library then I've got access no matter what. This wasn't the intention.
>>>
>>> I've tried to follow several tutorials online but no matter what I can't
>>> get it to work out the right way.
>>>
>>> I've tried to configure the web.xml manually but it doesn't work. I've
>>> tried to use the "manager" through the browser but that doesn't seem to
>>> deliver the possibility to setup those restriction.
>>
>> What have you tried?
>>
>>
>>> Can somebody please give me a detailed walkthrough on how to achieve this?
>>>
>>> I'm using TomCat 6.0, JVM 1.5.0_20 SUN and Windows XP 5.1. Thank you very
>>> much in advance!
>>
>> Why do people think it's called 'TomCat'? It's *Tomcat*.
>>
>>
>> p
>>
>>
>>> Best regards,
>>> Kenneth Andersen
>>> k_k_ander...@hotmail.com
>>>
>>
>