On 3/12/06, Mark Whitby <[EMAIL PROTECTED]> wrote:
> Hey all
>
> This is probably one of the stupidest posts of the week on here but I'm 
> struggling to find the link online that tells me how to use a Realm to 
> restrict access to a certain folder: /secure/.
>
> I've set up the realm as stated 
> (http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html), using a Data 
> Source Realm which already works, and now I'm trying to set up my system so 
> that only people with a certain user_role can access the secure folder.  I've 
> set up the login page in a /login/ folder using a j_security_check form but 
> now I can't find the link of how to use the login pages to log into the 
> secure area, or the code to make the /secure/ folder secure.  I've looked 
> everywhere but can't for the life of me find it!
>
> Can anyone point me in the right area?

Assuming your realm login works, all you need to do is configure the
web.xml in your web application to restrict access unless the user has
a given role. The example below restricts access to any request
(url-pattern) to any user that doesn't have the role "admin"...


    <security-constraint>
      <display-name>Access control</display-name>
      <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>admin</role-name>
      </auth-constraint>
      <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
    </security-constraint>


    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>LoginRealm</realm-name>
      <form-login-config>
        <form-login-page>/loginForm.jsp</form-login-page>
        <form-error-page>/loginError.jsp</form-error-page>
      </form-login-config>
    </login-config>

    <security-role>
      <role-name>admin</role-name>
    </security-role>

HTH Mark
>
> Mark Whitby
>
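
Added example, not part of the original reply or of Tomcat: a small Python check that reads a web.xml and reports what each security-constraint leaves open, using the Servlet rule that a constraint listing http-method elements applies only to those methods. The names `audit` and `texts` are hypothetical, and both descriptors are constructed from the snippet above (the second scoped to the /secure/ folder from the question).

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the reply's constraint, trimmed and wrapped in <web-app>.
AS_POSTED = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""

# Constructed variant: scoped to /secure/*, every method covered, TLS required.
TIGHTENED = (re.sub(r"\s*<http-method>\w+</http-method>", "", AS_POSTED)
             .replace("/*", "/secure/*").replace("NONE", "CONFIDENTIAL"))

def texts(elem, name):
    """Text of every descendant called `name`, ignoring any XML namespace."""
    return [(e.text or "").strip() for e in elem.iter()
            if e.tag.rsplit("}", 1)[-1] == name]

def audit(web_xml):
    """Return (url_patterns, finding) pairs for each security-constraint."""
    root = ET.fromstring(web_xml)
    form_login = "FORM" in texts(root, "auth-method")
    findings = []
    for sc in root.iter():
        if sc.tag.rsplit("}", 1)[-1] != "security-constraint":
            continue
        patterns = tuple(texts(sc, "url-pattern"))
        methods = sorted(texts(sc, "http-method"))
        if methods:  # a method list narrows the constraint to those methods
            findings.append((patterns, "unlisted methods unconstrained: only "
                             + ",".join(methods)))
        if form_login and "CONFIDENTIAL" not in texts(sc, "transport-guarantee"):
            findings.append((patterns, "FORM login without CONFIDENTIAL transport"))
    return findings

if __name__ == "__main__":
    for label, doc in (("as posted", AS_POSTED), ("tightened", TIGHTENED)):
        print(label, audit(doc))
```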
