The second. I can see the files even without having authenticated. The funny part is that it works correctly for /* and for sub-directories that I have not yet created.
-- Rosaria

-----Original Message-----
From: Carl Walker [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 11:37 AM
To: Tomcat Users List
Subject: Re: problems with web.xml and security

In which way doesn't it work? Are you prohibited from viewing the files after logging in or can you see the files even if you haven't authenticated?

-Carl

Rosaria Silipo wrote:

> Hi,
>
> I am trying to set up Tomcat as a secure web engine.
> From the tutorial I understood that you should insert the following
> lines in web.xml and the password protection should work.
>
> This works perfectly for files in the root directory (/*), it does not
> work for files in subdirectories, like /secure/*.
>
> Have you ever seen this problem before?
>
> Thanks for any help
>
> -- Rosaria
>
> <!DOCTYPE web-app
>     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
>     "http://java.sun.com/dtd/web-app_2_3.dtd">
>
> <web-app>
> ...
>
>   <!-- SECURITY CONSTRAINT -->
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>Secure Pages</web-resource-name>
>       <description>Security constraint on all files</description>
>       <url-pattern>/*</url-pattern>
>       <url-pattern>/secure/*</url-pattern>
>       <http-method>POST</http-method>
>       <http-method>GET</http-method>
>     </web-resource-collection>
>
>     <auth-constraint>
>       <description>admin can login</description>
>       <role-name>admin</role-name>
>     </auth-constraint>
>
>     <user-data-constraint>
>       <description>SSL not required</description>
>       <transport-guarantee>NONE</transport-guarantee>
>     </user-data-constraint>
>   </security-constraint>
>
>   <session-config>
>     <session-timeout>30</session-timeout>
>   </session-config>
>
>   <!-- LOGIN AUTHENTICATION -->
>
>   <login-config>
>     <auth-method>FORM</auth-method>
>     <realm-name>default</realm-name>
>     <form-login-config>
>       <form-login-page>/LoginForm.html</form-login-page>
>       <form-error-page>/LoginError.html</form-error-page>
>     </form-login-config>
>
>   </login-config>
>
>   <!-- SECURITY ROLES -->
>
>   <security-role>
>     <description>The most secure role</description>
>     <role-name>admin</role-name>
>   </security-role>
>
> </web-app>
>
> -- Rosaria
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
