Dennis Gormley wrote:
Hello;
I've been struggling with this for a couple of weeks now. I've searched
web sites, forums and lists, but I can't seem to find the information I
want.
We have two web sites on a Tomcat 5.5 server (virtual hosts?). I didn't
set up the server, but I've been tasked to password protect a directory
on one of the sites. I've already successfully password protected a
directory one site (site1) using a MemoryRealm, , but would like to
protect another site (site2).
Here are the working <security-constraint> , <login-config>, and
<security-role> sections challange for UN/PW when a user tries to access
the directory on site1. It's located in
D:\Program Files\Apache Software Foundation\Tomcat 5.5\conf\web.xml
<!-- Begin code modified 20090320 by DJG to password protect Millennium
user directory -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Test
Application</web-resource-name>
<url-pattern>/site1_staff/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>site1staff</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Site1 Users</realm-name>
</login-config>
<security-role>
<description>The role that is required to log in to
the Manager Application</description>
<role-name>site1staff</role-name>
</security-role>
<!-- End code modified 20090320 by DJG to password protect Millennium
user directory -->
I tried to just change the relevant arguments of D:\Program
Files\Apache Software Foundation\Tomcat 5.5\conf\web.xml so a directory
on a site2 was password protected, but changing it (and restarting the
tomcat server) did not produce a challenge when going to this directory
<!-- Begin code modified 20120214 by DJG to password protect AskherePA
staff directory -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Test
Application</web-resource-name>
<url-pattern>/site2/site2staff/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>site2staff</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Site2 Staff</realm-name>
</login-config>
<security-role>
<description>The role that is required to log in to
the Manager Application</description>
<role-name>site2staff</role-name>
</security-role>
<!-- End code modified 220120214 by DJG to password protect AskherePA
staff directory -->
Here's the D:\Program Files\Apache Software Foundation\Tomcat
5.5\conf\tomcat-users.xml file
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="site1staff"/>
<role rolename="site2staff"/>
<role rolename="tomcat"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="site1UN" password="site1PW" roles="site1staff"/>
<user username="site2UN" password="site2PW" roles="site2staff"/>
</tomcat-users>
The two directories appear in D:\Program Files\Apache Software
Foundation\Tomcat 5.5\webapps\cfusion\site1_staff and D:\Program
Files\Apache Software Foundation\Tomcat
5.5\webapps\cfusion\site2\site2staff
Of course, I would ideally like to password protect both directories on
both sites (and other directories on other sites as well), but if I can
get this working for now, my boss'll be happy!
Hi.
You probably should not be touching (have been touching) the file D:\Program Files\Apache
Software Foundation\Tomcat 5.5\conf\web.xml . Hopefully you kept a backup of the original.
Can you paste here the file D:\Program Files\Apache Software Foundation\Tomcat
5.5\conf\server.xml ? (remove or obscure any confidential information).
Someone may be able to give you a better way than fiddling with the default
web.xml.
This being said, Tomcat 5.5 is very old and either not supported anymore, or about to
become unsupported. The current version is Tomcat 7.0.35.
See here : http://tomcat.apache.org/whichversion.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
