>
> From: "Zohar" <[EMAIL PROTECTED]>
> Date: 2006/04/06 Thu AM 11:46:27 EDT
> To: "Tomcat Users List" <users@tomcat.apache.org>,
> <tomcat-user@jakarta.apache.org>
> Subject: Re: access control
>
> Can I grant access to some jsp pages and deny access to others (in the same
> context)?
>

Yes. I've done it by creating a subdirectory within the webapp and placing those jsps I only want admin users to access inside that folder and adding the security constraint to web.xml. Here's a snippet

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>UserArea</web-resource-name>
            <url-pattern>/</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>standard_user</role-name>
            <role-name>admin_user</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>AdminArea</web-resource-name>
            <url-pattern>/admin/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin_user</role-name>
        </auth-constraint>
    </security-constraint>

There may be a better way, but I was in a hurry....

> ----- Original Message -----
> From: "Markus Schönhaber" <[EMAIL PROTECTED]>
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Sent: Thursday, April 06, 2006 17:23
> Subject: Re: access control
>
>
> > Zohar wrote:
> >> I have a few servlets which are deployed to different contexts (each
> >> servlet to its own context). One of these servlets acts as an interface to
> >> clients, and it forwards the requests from clients to the appropriate
> >> servlets. I don't want any of the non-interface servlets to be accessible
> >> to clients (but they must still be accessible to the interface servlet).
> >> How do I do that?
> >
> > You could, for example, use a Remote Address Filter or a Remote Host Filter
> > for the contexts you don't want to be accessible:
> > http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html#Remote%20Address%20Filter
> >
> > But would you mind elaborating a little why you put servlets into contexts
> > you don't want to be accessible or why it is necessary for those
> > "non-interface servlets" to be servlets at all?
> >
> > Regards
> > mks
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
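
Added example, not part of the original thread and not Tomcat's own code: a small Python model of how a container selects the security constraint for a request (best-matching url-pattern first, then the HTTP method), run over the two constraints from the snippet above. The function names and the sample document are assumptions made for this illustration; the sample has no XML namespace, and extension patterns and empty auth-constraints are not modeled.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two constraints from the post (no XML namespace assumed).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>UserArea</web-resource-name>
      <url-pattern>/</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>standard_user</role-name><role-name>admin_user</role-name>
    </auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>AdminArea</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin_user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def load_constraints(xml_text):
    """Return (pattern, methods, roles) per url-pattern; empty methods = all methods."""
    rules = []
    for sc in ET.fromstring(xml_text).iter("security-constraint"):
        roles = {r.text.strip() for r in sc.iter("role-name")}
        for wrc in sc.iter("web-resource-collection"):
            methods = {m.text.strip().upper() for m in wrc.iter("http-method")}
            for p in wrc.iter("url-pattern"):
                rules.append((p.text.strip(), methods, roles))
    return rules

def match_rank(pattern, path):
    """Higher rank = better match; None = no match (hypothetical helper)."""
    if pattern == path:
        return 10_000                      # exact match always wins
    if pattern.endswith("/*") and (path + "/").startswith(pattern[:-1]):
        return len(pattern)                # longest path prefix wins
    return 0 if pattern == "/" else None   # "/" is the default pattern

def allowed_roles(rules, path, method):
    """Roles allowed for the request, or None when no constraint covers it."""
    ranked = [(match_rank(p, path), m, r) for p, m, r in rules]
    ranked = [t for t in ranked if t[0] is not None]
    best = max((t[0] for t in ranked), default=None)
    hits = [r for rank, m, r in ranked if rank == best and (not m or method.upper() in m)]
    return set().union(*hits) if hits else None
```

In this model a HEAD request to /admin/users.jsp returns None, because both constraints name only GET and POST and so do not cover other methods. Omitting the http-method elements makes a constraint apply to every method.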