This is the web.xml that I am using. This does not work. <?xml version="1.0" encoding="ISO-8859-1"?> <web-app xmlns="http://java.sun.com/xml/ns/j2ee"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"; version="2.4"> <display-name>Vision Application Logs</display-name> <!-- Define a Security Constraint on this Application --> <security-constraint> <web-resource-collection> <web-resource-name>applogs</web-resource-name> <url-pattern>/applogs/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>tomcat</role-name> </auth-constraint> </security-constraint> <!-- Define the Login Configuration for this Application --> <login-config> <auth-method>BASIC</auth-method> <realm-name>applogs</realm-name> </login-config> <!-- Security roles referenced by this Web application --> <security-role> <role-name>tomcat</role-name> </security-role> </web-app>
On Wed, Oct 20, 2010 at 4:23 PM, Prastein, Rebeccah H < rebeccah.h.prast...@questdiagnostics.com> wrote: > For the benefit of the original poster: > > If you don't specify any http-methods for the web-resource-collection, > the default behavior is that all methods are protected. > If you specify one or more http-methods, the behavior is that those > specified are protected, and any that are not specified are not > protected. > > Rebeccah > > > > -----Original Message----- > From: Edson Carlos Ericksson Richter [mailto:edsonrich...@hotmail.com] > Sent: Wednesday, October 20, 2010 2:15 PM > To: users@tomcat.apache.org > Subject: Re: Securing A Directory Listing > > Sure, there are more HTTP methods that someone would want to protect > from. > > Thanks for pointing out. > > Regards, > > Edson. > > Em 20/10/2010 18:51, Mark Thomas escreveu: > > On 20/10/2010 15:09, Edson Carlos Ericksson Richter wrote: > >> <web-resource-collection> > >> <web-resource-name>Secure Area</web-resource-name> <description/> > >> <url-pattern>/mysecurearea</url-pattern> > >> <http-method>GET</http-method> > >> </web-resource-collection> > > Bad advice. Don't put the http-method in there. > > > > Mark > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > ------------------------------------------ > The contents of this message, together with any attachments, are > intended only for the use of the person(s) to which they are > addressed and may contain confidential and/or privileged > information. Further, any medical information herein is > confidential and protected by law. It is unlawful for unauthorized > persons to use, review, copy, disclose, or disseminate confidential > medical information. If you are not the intended recipient, > immediately advise the sender and delete this message and any > attachments. Any distribution, or copying of this message, or any > attachment, is prohibited. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
