Hi all,
For security reasons, we should add the following back to the web.xml within
the soap.jar so that it uses the Tomcat admin user to authenticate, because
currently the SOAP admin interface is wide open. Can anyone tell me how to
submit this patch?

<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Admin</realm-name>
  </login-config>
.
.
.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Ed Yu, IBM Certified Specialist - AIX System Administrator
Information Technology Manager,
University of South Carolina,
Advanced Solutions Group, Physics Dept.,
Columbia, SC 29208
Office (803)777-8831, FAX (803)777-8833, Email [EMAIL PROTECTED]
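
An added example, not part of the original message and not code from the SOAP project: a short Python check that reads a deployment descriptor like the one above and reports which HTTP methods the `/admin/*` constraint leaves unconstrained (a constraint that lists `<http-method>` elements applies only to the listed methods) and whether BASIC authentication is paired with a `CONFIDENTIAL` transport guarantee. The `audit` function, the `METHODS` set and the closed-off sample descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed input: the fragment from the message, closed so that it parses.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>Admin</realm-name></login-config>
</web-app>"""

METHODS = {"DELETE", "GET", "HEAD", "OPTIONS", "POST", "PUT", "TRACE"}

def _texts(node, name):
    """Stripped text of every descendant called `name`, ignoring XML namespaces."""
    return [(e.text or "").strip() for e in node.iter() if e.tag.split("}")[-1] == name]

def _covers(pattern, path):
    """Servlet prefix match: '/admin/*' covers '/admin' and everything below it."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    return pattern == path

def audit(xml_text, path="/admin/index.html"):
    """Return a list of findings about how `path` is protected by the descriptor."""
    root = ET.fromstring(xml_text)
    findings, listed, covered, tls = [], set(), False, False
    for sc in (e for e in root.iter() if e.tag.split("}")[-1] == "security-constraint"):
        if not any(_covers(p, path) for p in _texts(sc, "url-pattern")):
            continue
        covered = True
        methods = {m.upper() for m in _texts(sc, "http-method")}
        listed |= methods or METHODS   # no <http-method> means every method
        tls = tls or "CONFIDENTIAL" in _texts(sc, "transport-guarantee")
    if not covered:
        return [f"no security-constraint covers {path}"]
    if METHODS - listed:
        findings.append("methods not constrained: " + ", ".join(sorted(METHODS - listed)))
    if "BASIC" in _texts(root, "auth-method") and not tls:
        findings.append("BASIC auth without transport-guarantee CONFIDENTIAL")
    return findings
```

Dropping the `<http-method>` elements (so the constraint applies to every method) and adding a `<user-data-constraint>` with `CONFIDENTIAL` clears both findings.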
