Re: problems with web.xml and security

Tue, 17 Jun 2003 15:53:18 -0700

You need 2 web.xml files.

In / (or ROOT) for the context that maps to

http://my.domain.com/

and in the web application defined by the context /secure
which may be in the subdirectory webapps/secure, or it
may be webapps/secure.war, or it may be webapps/somethingelse
and have  <Context> element in conf/server.xml point to the
appropriate web application.

This will map to http://my.domain.com/secure

Remember, we're talking about web applications, and *not*
directories.

So, in the web application that you have defined to be
the context /secure, put the security constraint of /*

That will apply to all file *in that context*.  Different
contexts have different web.xml files.  Directories are only
relevant _within_ a web application.

Cheers,
        -- jon

Rosaria Silipo wrote:


Sorry, my mistake!
It worked because in the meantime I removed /secure.
If I rebuild /secure, I can still access it without being authenticated.

Summary: I have web.xml for / and web.xml for /secure.
Without web.xml in /secure/web/WEB-INF I can not build /secure in the
web application.

How do I include /secure in the root web application?

Thanks

-- Rosaria


-----Original Message-----
From: Jon Eaves [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 17, 2003 3:04 PM
To: Tomcat Users List
Subject: Re: problems with web.xml and security

Rosaria Silipo wrote:


Thanks Carl,

Yes, I tried to see /secure as first thing and I can see it without
authentication.
I tried to close browser and restart it and I still could see it.
Maybe the problem is on the web.xml of /secure. Is it possible?

-- Rosaria


If I'm reading your sentence correctly, then yes.

If /secure is a different web application than / (or ROOT)
then the different contexts will process different web.xml files.

The /* is relative to the root of the web application, not to
the Tomcat installation.

Cheers,
        -- jon


--
Jon Eaves <[EMAIL PROTECTED]>
http://www.eaves.org/jon
Co-Author of "Apache Tomcat Bible", Wiley 2003


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to