Re: Realms and Static pages
QM thanks - I was assuming a mapping between the (e.g.) "Configs" here for servlet and web-resource-name, which doesn't actually exist. Hence my befuddlement. Config Config Chris - Original Message - From: "QM" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Thursday, November 18, 2004 12:01 AM Subject: Re: Realms and Static pages > On Wed, Nov 17, 2004 at 01:25:27PM -, Chris Chappell wrote: > : Thanks QM but I' still not sure what to do! > > Please trust me, it's all in the spec... > > > : In my web.xml I have for example (standard stuff!) > : > : > : Config > : org.myorg.config.Config > : > : > : with a mapping and security contraint. > > It helps to show the entire file, since that's the root of the problem. > ;) > > > : I have searched throught the web.xml options below and cannot work out which > : one for static html pages. > > Try to think outside the box: are you trying to protect "static html > pages" or just "certain regions (URIs) of the site?" > > Hint: you can map to plain old URIs, not just > servlet classes. Take a close look at the tag... > > -QM > > -- > > software -- http://www.brandxdev.net > tech news -- http://www.RoarNetworX.com > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Realms and Static pages
On Wed, Nov 17, 2004 at 01:25:27PM -, Chris Chappell wrote: : Thanks QM but I' still not sure what to do! Please trust me, it's all in the spec... : In my web.xml I have for example (standard stuff!) : : : Config : org.myorg.config.Config : : : with a mapping and security contraint. It helps to show the entire file, since that's the root of the problem. ;) : I have searched throught the web.xml options below and cannot work out which : one for static html pages. Try to think outside the box: are you trying to protect "static html pages" or just "certain regions (URIs) of the site?" Hint: you can map to plain old URIs, not just servlet classes. Take a close look at the tag... -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Realms and Static pages
Thanks QM but I' still not sure what to do! In my web.xml I have for example (standard stuff!) Config org.myorg.config.Config with a mapping and security contraint. I have searched throught the web.xml options below and cannot work out which one for static html pages. Or do you you use servlet like HelpPage /HelpPage.html with forward slash to show root context folder. I've serached high and low on the net - all the examples (and in the TC examples) don't restrict static pages. I'm sure its easy when you know how, but :-) Chris Chappell - Original Message - From: "QM" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Wednesday, November 17, 2004 12:02 PM Subject: Re: Realms and Static pages > On Wed, Nov 17, 2004 at 11:34:48AM -, Chris Chappell wrote: > : How can I protect static pages on my Tomcat powered site with username/role > + > : password information from my jdbc realm? > > Use the standard roles/auth constraints in web.xml. See the servlet > spec, or some random servlet/JSP articles/books, for details. > > > : I have some help pages under /MyContext/help. I cannot find how to put them > : under /MyContext/WEB-INF/help. > : Anybody help? (There's only a few static pages, so it would be overkill to > run > : apache as well) > > Yes: don't put them under WEB-INF unless you want to write code to serve > them yourself. =) By default, files under WEB-INF are *not* available > for standard requests (HTTP/GET, HTTP/POST, etc). This prevents > would-be miscreants from downloading the app's code and config files. > > > -QM > > -- > > software -- http://www.brandxdev.net > tech news -- http://www.RoarNetworX.com > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
Re: Realms and Static pages
On Wed, Nov 17, 2004 at 11:34:48AM -, Chris Chappell wrote: : How can I protect static pages on my Tomcat powered site with username/role + : password information from my jdbc realm? Use the standard roles/auth constraints in web.xml. See the servlet spec, or some random servlet/JSP articles/books, for details. : I have some help pages under /MyContext/help. I cannot find how to put them : under /MyContext/WEB-INF/help. : Anybody help? (There's only a few static pages, so it would be overkill to run : apache as well) Yes: don't put them under WEB-INF unless you want to write code to serve them yourself. =) By default, files under WEB-INF are *not* available for standard requests (HTTP/GET, HTTP/POST, etc). This prevents would-be miscreants from downloading the app's code and config files. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Realms and Static pages
Hi How can I protect static pages on my Tomcat powered site with username/role + password information from my jdbc realm? I have some help pages under /MyContext/help. I cannot find how to put them under /MyContext/WEB-INF/help. Anybody help? (There's only a few static pages, so it would be overkill to run apache as well) (Running 5.0.19) Chris Chappell
