>The servlet-spec also describes the deployment descriptor : web.xml for
>webApplications. There is the place to put security relevant tags that
>will cause the servlet-container to restrict access.
>So really read the section 11 in the spec.
oh read the specs ... i misunderstood the last mail. i thought of the
Servlet-API-Docu :-) sorry for that.
thats my web.xml (in /webapps/theapp/WEB-INF/):
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
<web-app>
<servlet>
<servlet-name>
theapp
</servlet-name>
<servlet-class>
at.mic.ExtremeServlet
</servlet-class>
</servlet>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Example Basic Authentication Area</realm-name>
</login-config>
</web-app>
>Take care ,
oh i always do :)
thanks for response
bs
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
