Hi Fritz, So, are you saying that I have to have basic authentication enabled in order to restrict access to certain directories?
Thanks, Ike -----Original Message----- From: Fritz Schneider [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 13, 2005 11:04 AM To: 'Tomcat Users List' Subject: RE: How do I restrict access to webapps applications from browser users? Ike. You need to complete your <security-constraint> with authorization, login, and role information. Here is what works for me: <!-- Define a Security Constraint on this Application --> <security-constraint> <web-resource-collection> <web-resource-name>Restricted Files</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <!-- NOTE: This role is not present in the default users file --> <role-name>app1</role-name> </auth-constraint> </security-constraint> <!-- Define the Login Configuration for this Application --> <login-config> <auth-method>BASIC</auth-method> <realm-name>My Application</realm-name> </login-config> <!-- Security roles referenced by this web application --> <security-role> <description> The role that is required to log in to the application </description> <role-name>app1</role-name> </security-role> You might also want to check out the single login valve. Fritz --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
