K A wrote:
Hello
I've developed a web-application in which I'd like to have some control of which resources are accessed by whom. My
project is called "Server" in which I've got 3 directories: "/user" which all roles are allowed to
access, "/admin" which ONLY administrators are allowed to access and "resources" in which I've got
some files which users are allowed to read and administrators are allowed to both read and write.
What do you mean by "write" ? There is nothing in tomcat itself which allows users to
write anywhere on the server.
If it is your application which allows some users to do that, then it belongs to your
application to check their permissions to do so.
I'm using a FORM to login. The form action is "POST" and the action is "j_security_check", the
username field's name is "j_username" and the password field's is "j_password".
I've implemented a security-check in the jsp-file itself where I'm checking for
the type of login the current user has. If the type is aproved then the user is
allowed to access the page.
That is all very nice, but mostly irrelevant. The important thing here is that your
application would know who the user is, if it wants to control access to some functions in
function of the user.
But when I test the application and try to access the files in the other library then I've got access no matter what. This wasn't the intension.
...
Can somebody please give me a detailed walkthrough on how to achieve this?
I believe that for that, you'll have to be prepared to pay someone.
To say the above in another way : in tomcat itself, there is no mechanism for allowing a
user to upload anything and write it somewhere on the server.
So you will not find anything in the tomcat documentation which explains how to do what
you want.
You will have to look for a separate web application which does that.
And such an application would most probably contain some form of a permissions
mechanism.
One such application is DAV, which used to be included in the tomcat sample
applications.
If you use the "Find Page" button in the FAQ, and enter "DAV", it shows some links which
might help you.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
