Hi Thanks for that.
I actually tried this and it works in a way. However it still lets anyone get a listing of all editable files by virtue of the fact that GET and POST methods have no constraints applied to them. Still, it solves the immediate problem which is what I needed. Cheers Duncan -----Original Message----- From: Pike [mailto:[EMAIL PROTECTED] Sent: 27 August 2003 00:37 To: Tomcat Users List Subject: Re: Webdav and security Hi Duncan check this http://www.mail-archive.com/[EMAIL PROTECTED]/ msg101208.html see the <http-method> tags specified there ? if i get it right, you dont want to open the methods GET and POST for everyone, and after that, you want to restrict all methods (PUT,DELETE,PROPFIND,etc) to a certain role does that help ? I havent actually tried this :-) >I have included the org.apache.catalina.servlets.WebdavServlet > in the web.xml descriptor for my application > > <servlet> > <servlet-name>WebdavServlet</servlet-name> > <servlet-class>org.apache.catalina.servlets.WebdavServlet</servlet- > class > > <servlet-mapping> > <servlet-name>WebdavServlet</servlet-name> > <url-pattern>/</url-pattern> > </servlet-mapping> > > It all falls down when I try to add security however. > > If all requests have to go through the webdav servlet, then if I > assign the following constraint > > <security-constraint> > <web-resource-collection> > <web-resource-name>The Webdav bit</web-resource-name> > <url-pattern>/*</url-pattern> <!-- or just > <url-pattern>/</url-pattern> --> > </web-resource-collection> > <auth-constraint> > <role-name>somerole</role-name> > </auth-constraint> > </security-constraint> > > this means that no one can see my site unless they log in . Which is > not > what I want of course. goodluck, *-pike =========== 404 Not Found - The weapons you are looking for are currently unavailable. The country might be experiencing technical difficulties, or you may need to adjust your weapons inspectors mandate. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]