Re: security_constraint question

Sat, 22 Jun 2002 13:27:50 -0700 

Thanx, that did it!

----- Original Message -----
From: "Mark A. Richman" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
Sent: Saturday, June 22, 2002 4:23 PM
Subject: RE: security_constraint question


> Try replacing:
>
> <url-pattern>/comics</url-pattern>
> <url-pattern>/comics/*</url-pattern>
>
> with:
>
> <url-pattern>/*</url-pattern>
>
> This applies the security constraint to your web app (not the root of
> the server). The former would only be effective on
> http://thompson3:8080/comics/comics/.
>
> - Mark
>
>
> -----Original Message-----
> From: Ed Thompson [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, June 22, 2002 3:42 PM
> To: Tomcat Users List
> Subject: security_constraint question
>
> OK, rookie question....
>
> I have a file in $TOMCAT_HOME/webapps/comics  (index.html)
>
> $TOMCAT_HOME/webapps/comics/WEB-INF/web.xml has:
>
>     <security-constraint>
>       <web-resource-collection>
>          <web-resource-name>Protected Area</web-resource-name>
>      <!-- Define the context-relative URL(s) to be protected -->
>          <url-pattern>/comics</url-pattern>
>          <url-pattern>/comics/*</url-pattern>
>      <!-- If you list http methods, only those methods are protected -->
>      <http-method>DELETE</http-method>
>          <http-method>GET</http-method>
>          <http-method>POST</http-method>
>      <http-method>PUT</http-method>
>       </web-resource-collection>
>       <auth-constraint>
>          <!-- Anyone with one of the listed roles may access this area
> -->
>          <role-name>comics</role-name>
>       </auth-constraint>
>     </security-constraint>
>
> I have is set up for BASIC as my auth-method.  Pretty much cut and paste
> form the examples directory.
>
> However, on my browser when I go to //thompson3:8080/comics, it takes me
> right to index.html.
> Why does it not require me to login first?  What have a missed in the
> Tomcat
> configuration?
>
> Help greatly appreciate - been struggling with this for a couple of
> days...
>
> (PS - the examples works great - going to
> //thompson3:8080/examples/jsp/security/protected forces a login)
>
>
>
>
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>
>
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to