Version: Tomcat 4.1.12 on Solaris 8
I'm trying to configure the WebDAV application included in the Tomcat
4.1.12 distribution so that it requires a login to add or remove files but
not to view them.
If I use the web.xml security-constraint contained in the distribution --
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>The Entire Web Application</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>tomcat</role-name>
      </auth-constraint>
    </security-constraint>
-- then all attempts to access the content, including a simple browser
request for <http://localhost:8080/webdav/>, require a login.
I thought I could password protect only adding and removing files by adding
<http-method> for PUT and DELETE as shown below --
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>The Entire Web Application</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>tomcat</role-name>
      </auth-constraint>
    </security-constraint>
-- but, if I do that, I seem to be able to add and remove files using my
WebDAV client (Web Folders on Windows XP) without authenticating.
I can't help but think that I'm missing something obvious. Can anyone
help?
Thanks in advance.
--Jim
==================================
Jim Coble
Senior Technology Specialist
Center for Instructional Technology
Email: [EMAIL PROTECTED]
Voice: 919-660-5974 Fax: 919-660-5923
Box 90198, Duke University
Durham, NC 27708-0198
==================================
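
Added example, not part of the original message: under the Servlet specification, a web-resource-collection that lists <http-method> elements constrains only the listed methods, so this check reports which state-changing WebDAV methods a web.xml leaves without an auth-constraint. The method list, the function names and the exact-match handling of url-pattern are assumptions of this example; the sample is the second constraint from the message wrapped in a constructed <web-app> element.

```python
import xml.etree.ElementTree as ET

# WebDAV methods that modify server state (RFC 4918 plus HTTP PUT/DELETE).
WEBDAV_WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "COPY", "MOVE",
                        "PROPPATCH", "LOCK", "UNLOCK"}

# Constructed sample: the second constraint from the message inside <web-app>.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>The Entire Web Application</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>tomcat</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""


def protected_methods(web_xml, url_pattern="/*"):
    """Methods that require a role for url_pattern; None means every method."""
    covered = set()
    root = ET.fromstring(web_xml)
    for sc in root.iter("security-constraint"):
        if sc.find("auth-constraint") is None:
            continue  # this constraint does not require any role
        for wrc in sc.iter("web-resource-collection"):
            patterns = [p.text.strip() for p in wrc.findall("url-pattern")]
            if url_pattern not in patterns:
                continue  # exact pattern match only (assumption of this example)
            methods = [m.text.strip().upper() for m in wrc.findall("http-method")]
            if not methods:
                return None  # no <http-method> listed: all methods constrained
            covered.update(methods)
    return covered


def unprotected_write_methods(web_xml, url_pattern="/*"):
    """WebDAV write methods not covered by any auth-constraint."""
    covered = protected_methods(web_xml, url_pattern)
    return set() if covered is None else WEBDAV_WRITE_METHODS - covered


if __name__ == "__main__":
    print(sorted(unprotected_write_methods(SAMPLE_WEB_XML)))
```

The check reads only the deployment descriptor; it does not examine the WebDAV servlet's own init parameters or what a particular client sends.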