Please clarify what do you mean by "does not work":
0) Did you created the realm in Server.xml or in your context xml file?
1) Error on Tomcat (Tomcat wont start anymore)
2) HTTP Error 500 (or other HTTP error)?
3) Directory is not secured (you can still access without login request)?
4) Login request window is shown, but you can't authenticate?
5) Login request window is shown, you can authenticate, but then you get
an HTTP error?
6) Tomcat starts, but there are lots of error messages in tomcat log?
7) Something else?
Regards,
Edson
Em 21/10/2010 12:05, Keith Masten escreveu:
This is the web.xml that I am using. This does not work.
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd";
version="2.4">
<display-name>Vision Application Logs</display-name>
<!-- Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>applogs</web-resource-name>
<url-pattern>/applogs/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>applogs</realm-name>
</login-config>
<!-- Security roles referenced by this Web application -->
<security-role>
<role-name>tomcat</role-name>
</security-role>
</web-app>
On Wed, Oct 20, 2010 at 4:23 PM, Prastein, Rebeccah H<
rebeccah.h.prast...@questdiagnostics.com> wrote:
For the benefit of the original poster:
If you don't specify any http-methods for the web-resource-collection,
the default behavior is that all methods are protected.
If you specify one or more http-methods, the behavior is that those
specified are protected, and any that are not specified are not
protected.
Rebeccah
-----Original Message-----
From: Edson Carlos Ericksson Richter [mailto:edsonrich...@hotmail.com]
Sent: Wednesday, October 20, 2010 2:15 PM
To: users@tomcat.apache.org
Subject: Re: Securing A Directory Listing
Sure, there are more HTTP methods that someone would want to protect
from.
Thanks for pointing out.
Regards,
Edson.
Em 20/10/2010 18:51, Mark Thomas escreveu:
On 20/10/2010 15:09, Edson Carlos Ericksson Richter wrote:
<web-resource-collection>
<web-resource-name>Secure Area</web-resource-name> <description/>
<url-pattern>/mysecurearea</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
Bad advice. Don't put the http-method in there.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
------------------------------------------
The contents of this message, together with any attachments, are
intended only for the use of the person(s) to which they are
addressed and may contain confidential and/or privileged
information. Further, any medical information herein is
confidential and protected by law. It is unlawful for unauthorized
persons to use, review, copy, disclose, or disseminate confidential
medical information. If you are not the intended recipient,
immediately advise the sender and delete this message and any
attachments. Any distribution, or copying of this message, or any
attachment, is prohibited.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
