|
Hi,
this is the
solution how it is described in the tomcat-documentation:
--> add to
web.xml:
<security-constraint>
<web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <!-- Define the context-relative URL(s) to be protected --> <url-pattern>/jsp/security/protected/*</url-pattern> <!-- If you list http methods, only those methods are protected --> <http-method>DELETE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <!-- Anyone with one of the listed roles may access this area --> <role-name>tomcat</role-name> <role-name>role1</role-name> </auth-constraint> </security-constraint>
<!-- Default login configuration uses BASIC authentication
-->
<!-- <login-config> <auth-method>BASIC</auth-method> <realm-name>Example Basic Authentication Area</realm-name> </login-config> -->
<!-- Form-based login is enabled by default. If you wish
to
try Basic authentication, comment out the <login-config> section below and uncomment the one above. --> <login-config> <auth-method>FORM</auth-method> <realm-name>Example Form-Based Authentication Area</realm-name> <form-login-config> <form-login-page>/jsp/security/login/login.jsp</form-login-page> <form-error-page>/jsp/security/login/error.jsp</form-error-page> </form-login-config> </login-config> --> modify the
tomcat-users.xml like this (located in TOMCAT_HOME/conf)
<tomcat-users>
<user name="tomcat" password="tomcat" roles="tomcat" /> <user name="role1" password="tomcat" roles="role1" /> <user name="both" password="tomcat" roles="tomcat,role1" /> </tomcat-users>
I think that your
application MUST be located in the TOMCAT_HOME/webapps-folder for using the
login,
but I'm not sure
(this is were I have a problem with).
You can find an
example for logging in in
TOMCAT_HOME/webapps/examles/jsp/security.
Good
luck.
Mascha
____________________ Mascha-Kathinka Kluge Tel: +49 (931) 35 45 8-44 http://www.bytecom.net
|
