AW: [Juglist] Tomcat Container Managed Security

Fri, 26 Mar 2004 06:10:49 -0800 

Rich,

I don't know whether this part of Tomcat works, but It does not look like your 
urlpattern "/a" matches any JSP.
Try "/a/*" to protect the JSP in "/a".

Also according to the DTD "confidential" should be all uppercase, and to try out 
realms and authentication I would leave that part out until you need it as it implies 
using SSL.

-hendrik

> -----Ursprungliche Nachricht-----
> Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Auftrag von Richard O. Hammer
> Gesendet: Donnerstag, 25. Marz 2004 20:53
> An: Java Users Group
> Betreff: [Juglist] Tomcat Container Managed Security 
> 
> 
> I'm using Tomcat 5.0.16 as a standalone container for a web app, 
> trying to make its Container Managed Security work with a JDBCRealm.
> For some reason it is serving a JSP from a directory which I am trying 
> to protect, without asking for authentication.
> 
> Here is some of the XML I am using.
> In my conf/server.xml I have this Realm element inside an my Engine:
> 
>        <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
>               driverName="org.postgresql.Driver"
>            connectionURL="jdbc:postgresql://192.168.1.12:5432/db5"
>           connectionName="tomcat" connectionPassword="myPassword"
>                userTable="customer" userNameCol="userName"
>            userCredCol="password"
>            userRoleTable="userRoles" roleNameCol="role" />
> 
> 
> 
> And my web.xml deployment descriptor looks like this:
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web 
> Application 2.3//EN"
>                               "http://java.sun.com/dtd/web-app_2_3.dtd";>
> <web-app>
>       <security-constraint>
>               <web-resource-collection>
>                       <web-resource-name>duh</web-resource-name>
>                       <url-pattern>/a</url-pattern>
>               </web-resource-collection>
>               <auth-constraint>
>               <role-name>ball</role-name>
>               </auth-constraint>
>               <user-data-constraint>
>                       
> <transport-guarantee>confidential</transport-guarantee>
>               </user-data-constraint>
>       </security-constraint>
>       <login-config>
>               <auth-method>BASIC</auth-method>
>       </login-config>
>      <security-role>
>        <role-name>ball</role-name>
>      </security-role>
> </web-app>
> 
> 
> Any suggestions?
> 
> Do you believe that this part of Tomcat works?
> 
> Is there good documentation anywhere, telling me how to set this up?
> 
> Thanks,
> Rich Hammer
> 
> 
> _______________________________________________
> Juglist mailing list
> [EMAIL PROTECTED]
> http://trijug.org/mailman/listinfo/juglist_trijug.org
_______________________________________________
Juglist mailing list
[EMAIL PROTECTED]
http://trijug.org/mailman/listinfo/juglist_trijug.org

Reply via email to