-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Savitha,
On 12/8/11 11:49 AM, Savitha Akella wrote: > I have multiple applications hosted on my tomcat server which > includes web services, web applications etc. > > To secure the web services, we made changes to server.xml > ->connector element and defined roles in tomcat-users.xml. The only change you can make to your connector to "secure" it would be to make it into HTTPS. That doesn't really secure anything other than the data that gets exchanged during the HTTP conversation. > In the web services, we made changes in the web.xml to add the > security-constraint, security-role etc. > > However, the problem we are facing is that all the web application > hosted on the Tomcat are prompting for certificate while accessing > them. Which web.xml did you change? The one for your webapp in WEB-INF/web.xml or the site-wide Tomcat default one in conf/web.xml? > Is there any way to restrict the security only to a single web > component on the Tomcat server rather than the entire server or all > applications on the server. Use WEB-INF/web.xml for your security-constraints, where they belong. It appears you have modified the site-wide constraints which is why they are applying to all webapps. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7hALMACgkQ9CaO5/Lv0PBAHQCgjNPTJ46bkCyMFULiYtsVcmar RVYAoKq/i/0HZZu+/PWyEKsOx4DlCmsm =Xph9 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org