one piece I left out -
you also need to tell your app how to authenticate.
(Although, I am surprised Tomcat gave you access to a protected resource)
(i.e., how to get user credentials, in order to determine if they have
access)
There are 4 types of authentication:
<login-config>
<auth-method>BASIC</auth-method> <!-- optional -->
<realm-name>timasta</realm-name> <!-- optional -->
</login-config>
authenticates using BASIC - popup dialog boxes.
<login-config>
<auth-method>CLIENT-CERT</auth-method> <!-- optional -->
</login-config>
authenticates using a certificate, X509. Usually found in a header.
<login-config>
<auth-method>FORM</auth-method> <!-- optional -->
<form-login-config> <!-- optional -->
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
authenticates using forms. This works in conjunction with a page,
login.jsp, which has a form with fields j_username and j_password and action
j_security_check.
the final type is DIGEST, but i don't know if Tomcat supports this, as it is
not required.
Tim Julien
HP Middleware
-----Original Message-----
From: Xiaofeng Chen [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 26, 2001 5:49 PM
To: [EMAIL PROTECTED]
Subject: Re: How to set access restriction to servlets in tomcat?
Hi, Tim: Thank you for your reply. I followed your instruction and edited
the web.xml like the following:
<security-constraint>
<web-resource-collection>
<web-resource-name>IsItWorking</web-resource-name>
<url-pattern>/servlet/IsItWorking</url-pattern>
</web-resource-collection>
</security-constraint>
<servlet-mapping>
<url-pattern>/servlet/IsItWorking</url-pattern>
<servlet-name>IsItWorking</servlet-name>
</servlet-mapping>
<servlet>
<servlet-name>IsItWorking</servlet-name>
<servlet-class>IsItWorking</servlet-class>
</servlet>
I have the testing servlet IsItWorking in the
$TOMCAT_HOME/webapps/WEB-INF/classes directory. But
when I tried to access the servlet, there is no loggin prompt for me, I just
get the page right away. Do you see anything
wrong with my settings in the web.xml. Thanks for your help.
----- Original Message -----
From: "JULIEN,TIMOTHY (HP-NewJersey,ex2)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, April 26, 2001 10:18 AM
Subject: RE: How to set access restriction to servlets in tomcat?
use the security-constraint element in web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Servlets</web-resource-name>
<url-pattern>/main/secure</url-pattern>
</web-resource-collection>
</security-constraint>
<servlet-mapping>
<url-pattern>/main/secure</url-pattern>
<servlet-name>main servlet</servlet-name>
</servlet-mapping>
<servlet>
<servlet-name>main servlet</servlet-name>
<servlet-class>org.foo.Servlet</servlet-class>
</servlet>
Tim Julien
HP Middleware
-----Original Message-----
From: Xiaofeng Chen [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 26, 2001 11:05 AM
To: [EMAIL PROTECTED]
Subject: How to set access restriction to servlets in tomcat?
Could someone drop me any hints about how to set access restriction to
servlets, please?
One of my servlets needs to get the user name using request.getRemoteUser
() method.
Can we set access restriction to servlets in Tomcat?
Thanks for you help!
RE: How to set access restriction to servlets in tomcat?
JULIEN,TIMOTHY (HP-NewJersey,ex2) Fri, 27 Apr 2001 00:12:10 -0700
- How to set access restriction to servlet... Xiaofeng Chen
- RE: How to set access restriction t... JULIEN,TIMOTHY (HP-NewJersey,ex2)
- Re: How to set access restricti... Xiaofeng Chen
- core java <<out of topic&... Shailendra
- Re: How to set access restriction t... JULIEN,TIMOTHY (HP-NewJersey,ex2)
- Re: How to set access restricti... Xiaofeng Chen
- RE: How to set access restriction t... JULIEN,TIMOTHY (HP-NewJersey,ex2)
- RE: How to set access restriction t... Boyce, David
- Re: How to set access restricti... Xiaofeng Chen
