Hi,

I am trying to set up Tomcat as a secure web engine.
From the tutorial I understood that you should insert the following
lines in web.xml and the password protection should work.

This works perfectly for files in the root directory, but it does not work
for files in subdirectories, like /secure/*.

Have you ever seen this problem before?

Thanks for any help

-- Rosaria

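<!-- Servlet 2.3 deployment descriptor. The system identifier must be followed
     directly by ">"; a stray ";" after the closing quote makes the DOCTYPE
     malformed. -->
<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">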

<web-app>
...

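<!-- SECURITY CONSTRAINT
     Restricts every resource of the web application to the "admin" role. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Secure Pages</web-resource-name>
    <description>Security constraint on all files</description>
    <!-- "/*" is a path-prefix pattern that already covers every path,
         including subdirectories such as /secure/. In a url-pattern "*" is
         only special as a trailing "/*" or a leading "*.", so the first "*"
         of the former "/*/*" entry was taken literally and the entry added
         nothing; it has been dropped. -->
    <url-pattern>/*</url-pattern>
    <!-- No http-method elements: listing only GET and POST would leave every
         other method (HEAD, PUT, DELETE, ...) outside the constraint.
         Omitting them applies the constraint to all HTTP methods. -->
  </web-resource-collection>

  <auth-constraint>
    <description>admin can login</description>
    <role-name>admin</role-name>
  </auth-constraint>

  <user-data-constraint>
    <description>SSL not required</description>
    <!-- NOTE(review): with NONE, the FORM login credentials and the session
         identifier travel in cleartext. Switch to CONFIDENTIAL once an HTTPS
         connector is configured. -->
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>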

<!-- Sessions idle for 30 minutes are invalidated (session-timeout is in minutes).
     NOTE(review): the web-app 2.3 DTD orders session-config before
     security-constraint; a validating container may reject this position. -->
<session-config>
  <session-timeout>30</session-timeout>
</session-config>

<!-- LOGIN AUTHENTICATION
     Form-based login: unauthenticated requests for a constrained resource are
     sent to the login page, failed logins to the error page. -->
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name>
  <form-login-config>
    <!-- NOTE(review): "/*" is constrained in this descriptor, so images or
         stylesheets linked from these pages would themselves require login;
         keep both pages self-contained. -->
    <form-login-page>/LoginForm.html</form-login-page>
    <form-error-page>/LoginError.html</form-error-page>
  </form-login-config>
</login-config>

<!-- SECURITY ROLES
     Declares the role name used by the auth-constraint above. Which users hold
     the role is decided by the container's realm, not by this file. -->
<security-role>
  <description>The most secure role</description>
  <role-name>admin</role-name>
</security-role>

</web-app>






