Re: Tomcat 9 - Missing auth-constraint configuration appears to allow access to protected content

2022-09-18 Thread Mark Thomas
int" is the "" element that may be nested under a "" element. > However I found that if I placed an empty 'auth-constraint' element in the web.xml then I could NOT access /protected/protected.jsp without authorisation. e.g include the following in web.xml

Tomcat 9 - Missing auth-constraint configuration appears to allow access to protected content

2022-09-17 Thread Kerry
sub-folder 'protected' to match the above url-pattern I found that with this configuration I was able to access /protected/protected.jsp without any authorisation. However I found that if I placed an empty 'auth-constraint' element in the web.xml then I could NOT access /pr

Re: Dynamic auth-constraint in web.xml ?

2013-05-03 Thread Cédric Couralet
2013/5/3 Christopher Schultz : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Cédric, > > On 5/3/13 3:09 AM, Cédric Couralet wrote: >> More of a servlet spec question than a tomcat one, and, from what >> I read, a rather long shot, but is there a wa

Re: Dynamic auth-constraint in web.xml ?

2013-05-03 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cédric, On 5/3/13 3:09 AM, Cédric Couralet wrote: > More of a servlet spec question than a tomcat one, and, from what > I read, a rather long shot, but is there a way to define > auth-constraint dynamically in web.xml? > > For insta

Dynamic auth-constraint in web.xml ?

2013-05-03 Thread Cédric Couralet
Hello, More of a servlet spec question than a tomcat one, and, from what I read, a rather long shot, but is there a way to define auth-constraint dynamically in web.xml? For instance I'd like to have the following /something/(.*)/someother

Re: AW: problem with auth-constraint in xml

2012-02-14 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael, On 2/14/12 3:12 AM, Hugi Michael, Informaticon AG wrote: > Thank you very much for your response. I thought I did it? The > pattern /rest/device is in the xml that I sent.? Oops, I missed this: >> /rest/device >> /rest/device/* (It got l

AW: problem with auth-constraint in xml

2012-02-14 Thread Hugi Michael, Informaticon AG
Subject: Re: problem with auth-constraint in xml -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael, On 2/13/12 8:30 AM, Hugi Michael, Informaticon AG wrote: > I have a problem with defining in the web.xml of my > java project. I defined several user roles, which have access to >

Re: problem with auth-constraint in xml

2012-02-13 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael, On 2/13/12 8:30 AM, Hugi Michael, Informaticon AG wrote: > I have a problem with defining in the web.xml of > my java project. I defined several user roles, which have access > to several . Here is a part of the xml, in which I > define pat

problem with auth-constraint in xml

2012-02-13 Thread Hugi Michael, Informaticon AG
Hello I have a problem with defining in the web.xml of my java project. I defined several user roles, which have access to several . Here is a part of the xml, in which I define patterns, that can be accessed by every role. Webservice for everyone

RE: auth-constraint

2011-08-12 Thread markt
"Caldarale, Charles R" wrote: >> From: Bijesh Vijayan [mailto:bijes v...@gmail.com] >> Subject: Re: auth-constraint > >> Is there a way in tomcat 7 to mention the roles outside of web.xml. > >Read section 8 of the servlet 3.0 spec; you might be able to use

RE: auth-constraint

2011-08-12 Thread Caldarale, Charles R
> From: Bijesh Vijayan [mailto:bije...@gmail.com] > Subject: Re: auth-constraint > Is there a way in tomcat 7 to mention the roles outside of web.xml. Read section 8 of the servlet 3.0 spec; you might be able to use a web-fragment.xml to list the roles. - Chuck THIS COMMUNIC

Re: auth-constraint

2011-08-12 Thread Bijesh Vijayan
..@gmail.com] >> Subject: auth-constraint > >> I was having the following entry in my application web.xml in tomcat 5. > > You need to be precise when stating Tomcat versions; Tomcat 5.what.what? > >> >>   * >> > > Let's look at section 12.7 of th

RE: auth-constraint

2011-08-12 Thread Caldarale, Charles R
> From: Bijesh Vijayan [mailto:bije...@gmail.com] > Subject: auth-constraint > I was having the following entry in my application web.xml in tomcat 5. You need to be precise when stating Tomcat versions; Tomcat 5.what.what? > > * > Let's look at section 12.7 of

auth-constraint

2011-08-12 Thread Bijesh Vijayan
Hi, I was having the following entry in my application web.xml in tomcat 5. * I was getting all the roles from the Database. When I migrated to tomcat 7, I need to mention all the roles in application web.xml.

Re: Help: auth-constraint with Tomcat 6

2009-06-24 Thread Clement Chong
Hi Tim, Good suggestion! I'll look into it. I am in a situation where I'll prefer to work on my own than to bother IT with LDAP role setup and subsequent access granting to users. By having a JDBC Realm with a blacklist of users, I can easily control the access. I'll probably dig into the filter

Re: Help: auth-constraint with Tomcat 6

2009-06-24 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tim, On 6/24/2009 2:59 PM, Tim Funk wrote: > If you want a black list - it would probably be easier to write a filter > [programmatic security] instead of declarative security. You can even combine declarative + programmatic and read your configurati

Re: Help: auth-constraint with Tomcat 6

2009-06-24 Thread Tim Funk
If you want a black list - it would probably be easier to write a filter [programmatic security] instead of declarative security. [At a minimum, everyone would still need to be authenticated - it's the authorization which is done via the filter (actually the filter will defer to the realm so the

RE: Help: auth-constraint with Tomcat 6

2009-06-24 Thread Martin Gainty
Jun 2009 23:12:35 +0800 > Subject: Re: Help: auth-constraint with Tomcat 6 > From: ehch...@gmail.com > To: users@tomcat.apache.org > > Hi Tim, > > Basically the first realm contains a list of users we want to deny access. The > password would be dynamic, making it difficult

Re: Help: auth-constraint with Tomcat 6

2009-06-24 Thread Clement Chong
Hi Tim, Basically the first realm contains a list of users we want to deny access. The password would be dynamic, making it difficult to get through. Well, maybe I should really consider working with specific roles. That is, grant users with roles that would allow them access. Then I would probably

Re: Auth-constraint with Tomcat 6

2009-06-24 Thread Mark Thomas
Christopher Schultz wrote: >> Would it also be possible to change the behavior of the >> combinedRealm/LockoutRealm such that if username is found in prior >> realm and password is incorrect, then it skips the other realms? It >> only looks into the other realms if username is not found in prior >>

Re: Auth-constraint with Tomcat 6

2009-06-24 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Clement, On 6/24/2009 2:57 AM, Clement Chong wrote: > > > * > > > User is now authenticated via JDBCRealm followed by JNDIRealm and > would be able to access protected pages with any role. > > The question I have is how can I deny a g

Re: Help: auth-constraint with Tomcat 6

2009-06-24 Thread Tim Funk
Do you really want to allow different passwords for the same user id? Sounds dangerous. For different access control restrictions you need to set up various roles, which are names chosen by you. Which can be something like - reader, writer - admin, superuser, user - it, sales, marketing,

Auth-constraint with Tomcat 6

2009-06-23 Thread Clement Chong
Hi tomcat users, I am using Tomcat 6.0.20 and have successfully implemented a lockout realm with nested JDBCRealm and JNDIRealm. The security constraint has also been setup in my application WEB-INF/web.xml file: * User is now authenticated via JDBCRealm followed by JNDIRealm and

Help: auth-constraint with Tomcat 6

2009-06-23 Thread Clement Chong
Hi tomcat users, I am using Tomcat 6.0.20 and have successfully implemented a lockout realm with nested JDBCRealm and JNDIRealm. The security constraint has also been setup in my application WEB-INF/web.xml file: * User is now authenticated via JDBCRealm followed by JNDIRealm and

Help: auth-constraint with Tomcat 6

2009-06-23 Thread Clement Chong
Hi tomcat users, I am using Tomcat 6.0.20 and have successfully implemented a lockout realm with nested JDBCRealm and JNDIRealm. The security constraint has also been setup in my application WEB-INF/web.xml file: * User is now authenticated via JDBCRealm followed by JNDIRealm and

Wildcard role-name in auth-constraint.

2006-05-18 Thread Ronny Batty
I am using the container's JDBCRealm but would like to allow any authenticated users (without roles) to access protected resources. I realise that the handling of * was modified to comply with the Servlet specification in Tomcat 5.5.x but is it really necessary to give all users an essentially meani

Re: auth-constraint in web.xml in tomcat 5.5.15

2006-02-17 Thread David Delbecq
I was hoping to get something else. Sure our sysadmin will enjoy putting 600 usernames in one line of /etc/groups (assuming HP-UX and NFS allows it)... Mark Thomas wrote: >David Delbecq wrote: > > >>*ouch* This means I will have to change my web.xml with future tomcat >>version. >>How do I al

Re: auth-constraint in web.xml in tomcat 5.5.15

2006-02-06 Thread Mark Thomas
David Delbecq wrote: > *ouch* This means I will have to change my web.xml with future tomcat > version. > How do I allow access to a resource to all authenticated users now? Create a global role. Assign all users to that role. Use the global role rather than "*". Mark -

Re: Fwd: auth-constraint in web.xml in tomcat 5.5.15

2006-02-06 Thread Mark Thomas
Oliver Kohll wrote: > Oops no it didn't, my mistake. The app now doesn't prompt for > authentication at all. Is there a way of getting it to work so that the > authentication is used but you don't have to hard code roles in web.xml? Make every user a member of the global role and use this role r

Re: auth-constraint in web.xml in tomcat 5.5.15

2006-02-06 Thread David Delbecq
*ouch* This means I will have to change my web.xml with future tomcat version. How do I allow access to a resource to all authenticated users now? Mark Thomas wrote: >Oliver Kohll wrote: > > >>Hi, >> >>I have security for a web application managed by a DataSource database >>realm. Using to

Fwd: auth-constraint in web.xml in tomcat 5.5.15

2006-02-06 Thread Oliver Kohll
<[EMAIL PROTECTED]> Date: 6 February 2006 10:54:55 GMT To: "Tomcat Users List" Subject: Re: auth-constraint in web.xml in tomcat 5.5.15 Thanks. Commenting out the got the result I want. Oliver On 3 Feb 2006, at 17:54, Mark Thomas wrote: Oliver Kohll wrote: Hi, I have security f

Re: auth-constraint in web.xml in tomcat 5.5.15

2006-02-06 Thread Oliver Kohll
Thanks. Commenting out the got the result I want. Oliver On 3 Feb 2006, at 17:54, Mark Thomas wrote: Oliver Kohll wrote: Hi, I have security for a web application managed by a DataSource database realm. Using tomcat 5.5.14 this works fine but in 5.5.15 there seems to be a problem.

Re: auth-constraint in web.xml in tomcat 5.5.15

2006-02-03 Thread Mark Thomas
Oliver Kohll wrote: > Hi, > > I have security for a web application managed by a DataSource database > realm. Using tomcat 5.5.14 this works fine but in 5.5.15 there seems to > be a problem. > The problem seems to be the * line. If I put a > specific role in, users in that role can log in but

auth-constraint in web.xml in tomcat 5.5.15

2006-02-03 Thread Oliver Kohll
Hi, I have security for a web application managed by a DataSource database realm. Using tomcat 5.5.14 this works fine but in 5.5.15 there seems to be a problem. My application's web.xml contains portalBase Application /* *