On 18/08/2010 12:16, K A wrote:
> 
> In /tomcat/Webapps/Projectname/web-inf:

Capitals matter.  WEB-INF is the correct directory name.

> I have inserted this part:
> ....
>   <!--inserted from here  -->
>   <security-constraint>
>   <web-resource-collection>
>   <web-resource-name>user open part</web-resource-name>
>   <url-pattern>/Server/user/*</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>   <role-name>user</role-name>
>   <role-name>admin</role-name>
>   </auth-constraint>
>   </security-constraint>
>   <security-constraint>
>   <web-resource-collection>
>   <web-resource-name>admin closed part</web-resource-name>
>   <url-pattern>/Server/admin/*</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>   <role-name>admin</role-name>
>   </auth-constraint>
>   </security-constraint>
>   <login-config>
>   <auth-method>FORM</auth-method>
>   <form-login-config>
>   <form-login-page>/Server/index.jsp</form-login-page>
>   <form-error-page>/Server/index.jsp</form-error-page>

Paths are relative. I'd also recommend putting two separate files in a
location that can't be directly requested, e.g.

  /WEB-INF/login/form.jsp
  /WEB-INF/login/error.jsp

>   </form-login-config>
>   </login-config>
> 
>   <security-role>
>   <role-name>admin</role-name>
>   <role-name>user</role-name>
>   </security-role>
>   <!--inserted to here  -->
>
>   <servlet>
> ...
> 
> 
> In /tomcat/Conf/web.xml:

Don't do that.  Also, it should be 'conf'.


p

> I have inserted this part:
> .................
> 
> 
> <!--inserted from here-->
>
>       <security-constraint>
>             <web-resource-collection>
>                   <web-resource-name>user open part</web-resource-name>
>                   <url-pattern>/Server/user/*</url-pattern>
>             </web-resource-collection>
>             <auth-constraint>
>                   <role-name>user</role-name>
>                   <role-name>admin</role-name>
>             </auth-constraint>
>       </security-constraint>
>
>       <security-constraint>
>             <web-resource-collection>
>                   <web-resource-name>admin closed part</web-resource-name>
>                   <url-pattern>/Server/admin/*</url-pattern>
>             </web-resource-collection>
>             <auth-constraint>
>                   <role-name>admin</role-name>
>             </auth-constraint>
>       </security-constraint>
>
>       <login-config>
>             <auth-method>FORM</auth-method>
>             <form-login-config>
>                   <form-login-page>/Server/index.jsp</form-login-page>
>                   <form-error-page>/Server/index.jsp</form-error-page>
>             </form-login-config>
>       </login-config>
>
>       <security-role>
>             <role-name>admin</role-name>
>             <role-name>user</role-name>
>       </security-role>
>
> <!--inserted to here-->
>
>     <servlet>
>         <servlet-name>default</servlet-name>
>         <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
>         <init-param>
>
> ......
> 
> 
> 
>> Date: Wed, 18 Aug 2010 12:00:39 +0100
>> From: p...@pidster.com
>> To: users@tomcat.apache.org
>> Subject: Re: Configure read/write-access in TomCat
>>
>> On 18/08/2010 10:44, K A wrote:
>>>
>>> Hello
>>>
>>> I've developed a web-application in which I'd like to have some control of 
>>> which resources are accessed by whom. My project is called "Server" in 
>>> which I've got 3 directories: "/user" which all roles are allowed to 
>>> access, "/admin" which ONLY administrators are allowed to access and 
>>> "resources" in which I've got some files which users are allowed to read 
>>> and administrators are allowed to both read and write.
>>>
>>> I'm using a FORM to login. The form action is "POST" and the action is 
>>> "j_security_check", the username field's name is "j_username" and the 
>>> password field's is "j_password".
>>> I've implemented a security-check in the jsp-file itself where I'm checking 
>>> for the type of login the current user has. If the type is approved then the 
>>> user is allowed to access the page.
>>>
>>> But when I test the application and try to access the files in the other 
>>> library then I've got access no matter what. This wasn't the intention. 
>>>
>>> I've tried to follow several tutorials online but no matter what I can't 
>>> get it to work out the right way.
>>>
>>> I've tried to configure the web.xml manually but it doesn't work. I've 
>>> tried to use the "manager" through the browser but that doesn't seem to 
>>> deliver the possibility to setup those restrictions.
>>
>> What have you tried?
>>
>>
>>> Can somebody please give me a detailed walkthrough on how to achieve this?
>>>
>>> I'm using TomCat 6.0, JVM 1.5.0_20 SUN and Windows XP 5.1. Thank you very 
>>> much in advance!
>>
>> Why do people think it's called 'TomCat'?  It's *Tomcat*.
>>
>>
>> p
>>
>>
>>> Best regards,
>>> Kenneth Andersen
>>> k_k_ander...@hotmail.com
>>>                                       
>>
>                                         
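
The corrections from the reply above, applied to the quoted fragment as an added example (not part of the original thread and not written by either poster). It assumes the application is deployed under the context path /Server, so `url-pattern` and login page values are written relative to that context root, and it uses the two /WEB-INF/login/ file names suggested in the reply; each role also gets its own `security-role` element, since the deployment descriptor schema allows one `role-name` per `security-role`.

```xml
<!-- Added example. Goes in the application's own WEB-INF/web.xml,
     not in Tomcat's global conf/web.xml. -->
<!-- Assumption: the context path is /Server, so patterns omit it. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>user open part</web-resource-name>
    <!-- was /Server/user/*, which inside the /Server context would
         only match requests for /Server/Server/user/* -->
    <url-pattern>/user/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>admin closed part</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <!-- Separate login and error pages, kept under WEB-INF so that
         clients cannot request them directly. -->
    <form-login-page>/WEB-INF/login/form.jsp</form-login-page>
    <form-error-page>/WEB-INF/login/error.jsp</form-error-page>
  </form-login-config>
</login-config>

<!-- One role-name per security-role element. -->
<security-role>
  <role-name>admin</role-name>
</security-role>
<security-role>
  <role-name>user</role-name>
</security-role>
```

With container-managed constraints like these in place, the per-page login-type check described in the original question becomes a second layer rather than the only access control.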
