Craig, this looks really great (still having some
minor problems using JDBCRealm instead of the
SimpleRealm on the security example).

I was wondering if somebody (you?) has already come
across the following requirement:

We have already implemented portal protection
(multiple sites within same domain) using encrypted
cookies. The central Authentication Servlet is
checking and also actualising the cookie credentials.
A simple JSP code fragment is being included on each
protected page so that request cannot be made
directly.

Reading about the Servlet API 2.3 I have noticed
something called "filters" which looks very much like
what we are doing now (except that the URIs don't
need to look like
/AuthServlet?page=/some/where/something.jsp anymore).

Would it be possible in current Tomcat 3.2 to protect
context with a Realm which would check on cookie and
pass on to the protected logic the proprietary cookie
data values?

Thanks in advance,
Drasko

--- "Craig R. McClanahan" <[EMAIL PROTECTED]> wrote:
> Jim Urban wrote:
>
> > I am running Tomcat with Apache on NT. I have a servlet context which
> > contains three servlets and their supporting classes. All the .class files
> > have been "jared" and the .jar file placed in the web-inf/lib directory. I
> > have set up my web.xml file to find the servlets and pass them init params
> > just fine. I now need to limit access to the servlets to different groups
> > of users. How do I set this up? Can someone please send me a sample of
> > "<security-constraint>" section (is this where it gets done?) of a web.xml
> > file?
> >
>
> The "examples" web application that comes with Tomcat has a
> <security-constraint> set up on the path
>
> http://localhost:8080/examples/jsp/security/protected
>
> which will trigger form-based login. See
> "$TOMCAT_HOME/webapps/examples/WEB-INF/web.xml".
> The requirements (and another example) are found in the Servlet
> Specification, version 2.2, at
>
> <http://java.sun.com/products/servlet/download.html>.
>
> For Tomcat, the default location for information describing users,
> passwords, and roles is in a text file named
> $TOMCAT_HOME/conf/tomcat-users.xml. It is also possible
> to configure Tomcat to use a database for username lookups (using the
> JDBCRealm class), or to write your own custom Realm implementation to
> look anywhere else.
>
> NOTE: If you are running Tomcat behind Apache in the usual fashion
> (i.e. having Apache serve static resources), *only* the dynamic requests
> that are actually forwarded to Tomcat will be protected by these
> constraints.
>
> > Jim Urban
>
> Craig McClanahan
>
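
A sketch of the kind of `<security-constraint>` section asked about in the quoted question, added here as an illustration; it is not taken from the Tomcat examples application or from any poster in this thread. It follows the Servlet 2.2 deployment descriptor layout and gives two groups of users access to different servlets; the URL patterns, role names, resource names, and login page paths are all hypothetical.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
  <!-- Existing <servlet> and <servlet-mapping> entries go here; the
       URL patterns below must match the paths those mappings expose. -->

  <!-- Hypothetical: only users in role "orders" may reach /orders/* -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Order entry servlet</web-resource-name>
      <url-pattern>/orders/*</url-pattern>
      <!-- No <http-method> listed, so the constraint covers every method.
           Listing only GET and POST would leave other methods unconstrained. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>orders</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Hypothetical: a second group of users for the reporting servlets -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Reporting servlets</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>reports</role-name>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- One login mechanism for the whole web application. The login page
       posts j_username and j_password to the action j_security_check. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Hypothetical Protected Area</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>
```

The role names must match roles known to the configured Realm (tomcat-users.xml by default, or the database behind JDBCRealm). As the quoted NOTE says, these constraints apply only to requests that actually reach Tomcat, so anything Apache serves directly needs its own access control.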