RE: How to set access restriction to servlets in tomcat?

Boyce, David Fri, 27 Apr 2001 08:14:27 -0700
Also, the <login-config> elements in the sample aren't properly closed with
a </login-config>. The / is missing.

-dsb

-----Original Message-----
From: JULIEN,TIMOTHY (HP-NewJersey,ex2) [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 27, 2001 11:01 AM
To: '[EMAIL PROTECTED]'
Subject: RE: How to set access restriction to servlets in tomcat?


The login-config element should occur only once in your whole web.xml, and
it should be on its own - not part of other elements.  Sorry I didn't make
this clear.

Also, you may have to configure Apache to do BASIC authentication - but I'm
not sure.

Tim

-----Original Message-----
From: Xiaofeng Chen [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 27, 2001 10:26 AM
To: [EMAIL PROTECTED]
Subject: Re: How to set access restriction to servlets in tomcat?


I added the <auth-method> tag in web.xml and restarted tomcat and apache. It
still doesn't work.
The following is my settings in web.xml. Do you think there are other things
we need to do? Thanks.

<security-constraint>
  <web-resource-collection>
    <web-resource-name>IsItWorking</web-resource-name>
    <url-patterl>/servlet/IsItWorking</url-pattern>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>timasta</realm-name>
    <login-config>
  </web-resource-collection>
</security-constraint>

<servlet-mapping>
  <url-pattern>/servlet/IsItWorking</url-pattern>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>timasta</realm-name>
  <login-config>
  <servlet-name>IsItWorking</servlet-name>
</servlet-mapping>

<servlet>
  <servlet-name>IsItWorking</servlet-name>
  <servlet-class>IsItWorking</servlet-class>
</servlet>


----- Original Message -----
From: "JULIEN,TIMOTHY (HP-NewJersey,ex2)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 27, 2001 2:31 AM
Subject: RE: How to set access restriction to servlets in tomcat?


>
>
> one piece I left out -
>
> you also need to tell your app how to authenticate.
> (Although, I am surprised Tomcat gave you access to a protected resource)
> (i.e., how to get user credentials, in order to determine if they have
> access)
>
> There are 4 types of authentication:
>
> <login-config>
>      <auth-method>BASIC</auth-method> <!-- optional -->
>      <realm-name>timasta</realm-name> <!-- optional -->
> </login-config>
>
> authenticates using BASIC - popup dialog boxes.
>
>
> <login-config>
>      <auth-method>CLIENT-CERT</auth-method> <!-- optional -->
> </login-config>
>
> authenticates using a certificate, X509.  Usually found in a header.
>
> <login-config>
>      <auth-method>FORM</auth-method> <!-- optional -->
>      <form-login-config> <!-- optional -->
>           <form-login-page>/login.jsp</form-login-page>
>           <form-error-page>/error.jsp</form-error-page>
>      </form-login-config>
> </login-config>
>
> authenticates using forms.  This works in conjunction with a page,
> login.jsp, which has a form with fields j_username and j_password and
> action
> j_security_check.
>
> the final type is DIGEST, but i don't know if Tomcat supports this, as it
> is
> not required.
>
> Tim Julien
> HP Middleware
>
> -----Original Message-----
> From: Xiaofeng Chen [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 26, 2001 5:49 PM
> To: [EMAIL PROTECTED]
> Subject: Re: How to set access restriction to servlets in tomcat?
>
>
> Hi, Tim: Thank you for your reply. I followed your instruction and edited
> the web.xml like the following:
> <security-constraint>
>   <web-resource-collection>
>   <web-resource-name>IsItWorking</web-resource-name>
>   <url-pattern>/servlet/IsItWorking</url-pattern>
> </web-resource-collection>
> </security-constraint>
>
> <servlet-mapping>
>   <url-pattern>/servlet/IsItWorking</url-pattern>
>   <servlet-name>IsItWorking</servlet-name>
> </servlet-mapping>
>
> <servlet>
>   <servlet-name>IsItWorking</servlet-name>
>   <servlet-class>IsItWorking</servlet-class>
> </servlet>
>
> I have the testing servlet IsItWorking in the
> $TOMCAT_HOME/webapps/WEB-INF/classes directory. But
> when I tried to access the servlet, there is no loggin prompt for me, I
> just
> get the page right away. Do you see anything
> wrong with my settings in the web.xml. Thanks for your help.
>
>
> ----- Original Message -----
> From: "JULIEN,TIMOTHY (HP-NewJersey,ex2)" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, April 26, 2001 10:18 AM
> Subject: RE: How to set access restriction to servlets in tomcat?
>
>
>
>
>
> use the security-constraint element in  web.xml:
>
> <security-constraint>
>   <web-resource-collection>
>   <web-resource-name>Secure  Servlets</web-resource-name>
> <url-pattern>/main/secure</url-pattern>
> </web-resource-collection>
> </security-constraint>
>
> <servlet-mapping>
>   <url-pattern>/main/secure</url-pattern>
> <servlet-name>main  servlet</servlet-name>
> </servlet-mapping>
>
> <servlet>
> <servlet-name>main  servlet</servlet-name>
>   <servlet-class>org.foo.Servlet</servlet-class>
> </servlet>
>
> Tim Julien
> HP Middleware
>
> -----Original Message-----
> From: Xiaofeng Chen  [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 26, 2001 11:05  AM
> To: [EMAIL PROTECTED]
> Subject: How to set  access restriction to servlets in tomcat?
>
>
> Could someone drop me any hints about how to set  access restriction to
> servlets, please?
> One of my servlets needs to get the user name using  request.getRemoteUser
> () method.
> Can we set access restriction to servlets in  Tomcat?
>
> Thanks for you help!
>
RE: How to set access restriction to servlets in tomcat?

Reply via email to
