One thing you can do is use filters to further restrict users.
So write a filter, which checks for user roles, and foward the ones you
don't want to go further "down" your directory.
Don't forget to map the filter in the web.xml file so tomcat knows where to
restrict.
hope that helps
Terrence
From: "Mark Larson" <[EMAIL PROTECTED]>
Reply-To: "Tomcat Users List" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: auth-constraint question
Date: Tue, 11 Jun 2002 13:13:46 -0700
MIME-Version: 1.0
X-Originating-IP: [216.101.100.252]
Received: from [192.18.49.131] by hotmail.com (3.2) with ESMTP id
MHotMailBECFA50A003C4004318FC01231838DE70; Tue, 11 Jun 2002 13:14:02 -0700
Received: (qmail 20437 invoked by uid 97); 11 Jun 2002 20:13:50 -0000
Received: (qmail 20423 invoked by uid 98); 11 Jun 2002 20:13:50 -0000
>From tomcat-user-return-22211-t3szeto Tue, 11 Jun 2002 13:15:44 -0700
Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
List-Subscribe: <mailto:[EMAIL PROTECTED]>
List-Help: <mailto:[EMAIL PROTECTED]>
List-Post: <mailto:[EMAIL PROTECTED]>
List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org>
Delivered-To: mailing list [EMAIL PROTECTED]
X-Antivirus: nagoya (v4198 created Apr 24 2002)
Message-ID: <[EMAIL PROTECTED]>
X-OriginalArrivalTime: 11 Jun 2002 20:13:47.0123 (UTC)
FILETIME=[7E3F5430:01C21184]
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
Hello,
I am running tomcat 4 stand-alone on Win NT4, using authentication with
mysql (working just fine) on my entire site/webapp. I have a Webdav role and
a Root role defined and need to use both of them in the same webapp.
My entire site is password protected. When I connect with my webdav client,
it allows my Webdav role users to login as planned, but normal Root users
can log in as well. How can I distinguish between these constraints? Below
is a snippet of my web-inf/web.xml...
Thanks in advance,
Mark
<!-- Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>mysite</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Root</role-name>
<role-name>Webdav</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>mysite</realm-name>
</login-config>
_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com
--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
_________________________________________________________________
Join the world�s largest e-mail service with MSN Hotmail.
http://www.hotmail.com
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
