Hello;
I've been struggling with this for a couple of weeks now. I've searched
web sites, forums and lists, but I can't seem to find the information I
want.
We have two web sites on a Tomcat 5.5 server (virtual hosts?). I didn't
set up the server, but I've been tasked to password protect a directory
on one of the sites. I've already successfully password protected a
directory one site (site1) using a MemoryRealm, , but would like to
protect another site (site2).
Here are the working <security-constraint> , <login-config>, and
<security-role> sections challange for UN/PW when a user tries to access
the directory on site1. It's located in
D:\Program Files\Apache Software Foundation\Tomcat 5.5\conf\web.xml
<!-- Begin code modified 20090320 by DJG to password protect Millennium
user directory -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Test
Application</web-resource-name>
<url-pattern>/site1_staff/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>site1staff</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Site1 Users</realm-name>
</login-config>
<security-role>
<description>The role that is required to log in to
the Manager Application</description>
<role-name>site1staff</role-name>
</security-role>
<!-- End code modified 20090320 by DJG to password protect Millennium
user directory -->
I tried to just change the relevant arguments of D:\Program
Files\Apache Software Foundation\Tomcat 5.5\conf\web.xml so a directory
on a site2 was password protected, but changing it (and restarting the
tomcat server) did not produce a challenge when going to this directory
<!-- Begin code modified 20120214 by DJG to password protect AskherePA
staff directory -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Test
Application</web-resource-name>
<url-pattern>/site2/site2staff/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>site2staff</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Site2 Staff</realm-name>
</login-config>
<security-role>
<description>The role that is required to log in to
the Manager Application</description>
<role-name>site2staff</role-name>
</security-role>
<!-- End code modified 220120214 by DJG to password protect AskherePA
staff directory -->
Here's the D:\Program Files\Apache Software Foundation\Tomcat
5.5\conf\tomcat-users.xml file
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="site1staff"/>
<role rolename="site2staff"/>
<role rolename="tomcat"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="site1UN" password="site1PW" roles="site1staff"/>
<user username="site2UN" password="site2PW" roles="site2staff"/>
</tomcat-users>
The two directories appear in D:\Program Files\Apache Software
Foundation\Tomcat 5.5\webapps\cfusion\site1_staff and D:\Program
Files\Apache Software Foundation\Tomcat 5.5\webapps\cfusion\site2\site2staff
Of course, I would ideally like to password protect both directories on
both sites (and other directories on other sites as well), but if I can
get this working for now, my boss'll be happy!
Thanks!
Dennis Gormley
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
