>
> From: "Zohar" <[EMAIL PROTECTED]>
> Date: 2006/04/06 Thu AM 11:46:27 EDT
> To: "Tomcat Users List" <users@tomcat.apache.org>,
> <tomcat-user@jakarta.apache.org>
> Subject: Re: access control
>
> Can I grant access to some jsp pages and deny access to others (in the same
> context)?
>
Yes. I've done it by creating a subdirectory within the webapp and placing
those jsps I only want admin users to access inside that folder and adding the
security constraint to web.xml.
Here's a snippet
<security-constraint>
<web-resource-collection>
<web-resource-name>UserArea</web-resource-name>
<url-pattern>/</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>standard_user</role-name>
<role-name>admin_user</role-name>
</auth-constraing>
</security-constrant>
<security-constraint>
<web-resource-collection>
<web-resource-name>AdminArea</web-resource-name>
<url-pattern>/admin/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin_user</role-name>
</auth-constraint>
</security-constraint>
There may be a better way, but I was in a hurry....
> ----- Original Message -----
> From: "Markus Schönhaber" <[EMAIL PROTECTED]>
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Sent: Thursday, April 06, 2006 17:23
> Subject: Re: access control
>
>
> > Zohar wrote:
> >> I have a few servlets which are deployed to different contexts (each
> >> servlet to its own context). One of these servlets acts as an interface
> >> to
> >> clients, and it forwards the requests from clients to the appropriate
> >> servlets. I don't want any of the non-interface servlets to be accessible
> >> to clients (but they must still be accessible to the interface servlet).
> >> How do I do that?
> >
> > You could, for example, use a Remote Address Filter or a Remote Host
> > Filter
> > for the contexts you don't want to be accessible:
> > http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html#Remote%20Address%20Filter
> >
> > But would you mind to elaborate a little why you put servlets into
> > contexts
> > you don't want to be accessible or why it is neccessary for those
> > "non-interface servlets" to be servlets at all?
> >
> > Regards
> > mks
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
