With Tomcat you can also use a URL Rewrite Filter to transparently (HTTP 200) redirect requests to the protected folder to a HTTP 403 status or a password required page.
But I can't gurantee if URL Rewriting makes the directory fully secure. ----- Original Message ---- From: David Delbecq <[EMAIL PROTECTED]> To: Tomcat Users List <users@tomcat.apache.org> Sent: Tuesday, December 5, 2006 5:58:53 AM Subject: Re: How to password protect a directory? Mikolaj Rydzewski a écrit : > Hi, > > I have several directories mapped to my Tomcat instance with > context.xml like this: > > <?xml version="1.0" encoding="ISO-8859-2"?> > <Context > cookies="false" > docBase="/home/stats/some_dir" > path="/stats" > /> > > There're only html files there. No JSP, servlets, and of course no > WEB-INF. How can I password protect those directories (or webapps)? Do > I have to create appropriate WEB-INF/web.xml and security constraints? > Or is there any simpler solution? > Only static resources? Yes, there is a simpler solution, don't use tomcat, use an apache web server and a .htaccess file. If you really need tomcat, yes, a web.xml is highly recommanded then. ____________________________________________________________________________________ Cheap talk? Check out Yahoo! Messenger's low PC-to-Phone call rates. http://voice.yahoo.com --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
