Re: Securing A Directory Listing

Wed, 20 Oct 2010 13:10:26 -0700 

It's easy:

1) Setup a Realm (http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html)

2) In web.xml, add security entries like:

<security-constraint>
<display-name>SecureAreaConstraint</display-name>
<web-resource-collection>
<web-resource-name>Secure Area</web-resource-name>
<description/>
<url-pattern>/mysecurearea</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>Only authorized users.</description>
<role-name>MY_USERS</role-name>
</auth-constraint>
<user-data-constraint>
<description/>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>NAME_YOUR_REALM</realm-name>
</login-config>
<security-role>
<description>Access to secure area.</description>
<role-name>MY_USERS</role-name>
</security-role>
(be sure that you MUST obey the correct order for elements in XML file, otherwise your application will fail). 


Regards,

Edson.

Em 20/10/2010 17:59, Keith Masten escreveu:

I left out something Mark, so I am glad to chose to comment on this.  I want
to password protect the directory, so that consumers will be required to
login for viewing of this data.

On Wed, Oct 20, 2010 at 2:29 PM, Mark Thomas<ma...@apache.org>  wrote:


On 20/10/2010 11:50, Keith Masten wrote:

I would like to know how to secure a directory listing for read-only

access.

OK, I'll bite. How is a directory listing anything other than read-only?

Mark


I have tried many variations in the web.xml using file based realms and

none

of these have worked.  I attempted the BASIC and DIGEST method
configurations.  Any assistance provided would be greatly appreciated.

Tomcat Ver. 5.5.25
OS Solaris 9.





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to