Thanks for the reply Mark,
Firstly, how do I test that my realm works?
I've changed the code to the following in my web.xml file but it doesn't
work; it just loads up the test page automatically. Where am I going wrong?

<security-constraint>
  <display-name>Access control</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>DataSourceRealm</realm-name>
  <form-login-config>
    <form-login-page>/login/login.jsp</form-login-page>
    <form-error-page>/login/loginError.jsp</form-error-page>
  </form-login-config>
</login-config>

This is what's in my server.xml file:

<Realm className="org.apache.catalina.realm.DataSourceRealm" debug="99"
       dataSourceName="jdbc/TestDB"
       userTable="customer" userNameCol="Username" userCredCol="Password"
       userRoleTable="customer_roles" roleNameCol="role_name"/>

This is part of my data source connection, which works:

<Resource name="jdbc/TestDB" auth="Container" type="javax.sql.DataSource"
          maxActive="100" maxIdle="30" maxWait="10000"
          username="root" password="?PlIgO2!"
          driverClassName="com.mysql.jdbc.Driver"
          url="jdbc:mysql://localhost:3306/fyp?autoReconnect=true"/>

Mark
----- Original Message -----
From: "Mark Lowe" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Sunday, March 12, 2006 7:00 PM
Subject: Re: Setting up a secure area

Assuming your realm login works, all you need to do is configure the
web.xml in your web application to restrict access unless the user has
a given role. The example below restricts access to any request
(url-pattern) to any user that doesn't have the role "admin"...

<security-constraint>
  <display-name>Access control</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>LoginRealm</realm-name>
  <form-login-config>
    <form-login-page>/loginForm.jsp</form-login-page>
    <form-error-page>/loginError.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>admin</role-name>
</security-role>

HTH Mark
Mark Whitby
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
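
An added example, not part of either message above: a small descriptor check for the kind of security-constraint quoted in this thread. It flags HTTP methods left outside a constraint that enumerates http-method elements, roles used in auth-constraint without a matching security-role declaration, and constraints without a transport guarantee; it does not test the realm itself. The function names, the STANDARD_METHODS list and the sample descriptor are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the constraint posted in the first message.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/secure/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

# Methods checked for coverage (a choice made for this example).
STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

def find_all(elem, name):
    """Descendants with this local name, with or without an XML namespace."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def texts(elem, name):
    return [(e.text or "").strip() for e in find_all(elem, name)]

def audit_web_xml(xml_text):
    """Return a list of (finding, url_patterns, details) tuples."""
    root = ET.fromstring(xml_text)
    declared = {t for sr in find_all(root, "security-role")
                for t in texts(sr, "role-name")}
    findings = []
    for sc in find_all(root, "security-constraint"):
        patterns = texts(sc, "url-pattern")
        methods = {m.upper() for m in texts(sc, "http-method")}
        # A constraint that lists http-method elements covers only those
        # methods; omitting the list covers every method.
        if methods and STANDARD_METHODS - methods:
            findings.append(("unlisted-methods", patterns,
                             sorted(STANDARD_METHODS - methods)))
        # Roles in auth-constraint should match a security-role or be "*".
        for ac in find_all(sc, "auth-constraint"):
            missing = [r for r in texts(ac, "role-name")
                       if r != "*" and r not in declared]
            if missing:
                findings.append(("undeclared-role", patterns, missing))
        if not {"CONFIDENTIAL", "INTEGRAL"} & set(texts(sc, "transport-guarantee")):
            findings.append(("no-transport-guarantee", patterns, []))
    return findings
```

Calling audit_web_xml(SAMPLE_WEB_XML) returns the findings as a list of tuples; an empty list means none of the three checks fired.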