kaprasi wrote:
> Hi,
> 
> I have written a simple web-app and I have deployed it in tomcat-6.0.18.
> I want to ensure that a particular jsp file can't be accessed directly.
> As in, in the tomcat page (http://localhost:8080/) on the left side there is
> a link titled Status.
> Clicking on which brings up a log-in dialog.
> I want the same thing to happen if someone tries to access test.jsp
> directly.
> 
> I added the following role to tomcat-users.xml :
> 
> <role rolename="manager"/>
> <user username="tomcat" password="s3cret" roles="manager"/>
> 
> I also added <auth-constraint> to my web.xml but still it is possible to
> access the jsp directly by this url :
> http://localhost:8080/myApp/jsp/test.jsp where as I expect the jsp page to
> come up only when following url is keyed in :
> http://localhost:8080/myApp/first
> 
> What should I do in order to force user to go through the
> user-authentication?

You need to define a login-config config section too.
Google for some examples on how to do this.

> Thanks in advance.
> 
> The war contents are like this :
> 
> META-INF/
> META-INF/MANIFEST.MF
> WEB-INF/
> WEB-INF/web.xml
> WEB-INF/lib/
> WEB-INF/lib/servlet-api.jar

Remove the above line; it is not necessary and will likely cause your
app to demonstrate unpredictable behaviour.

p


> WEB-INF/classes/
> WEB-INF/classes/com/
> WEB-INF/classes/com/myComp/
> WEB-INF/classes/com/myComp/MyServlet.class
> jsp/
> jsp/myfile.jsp
> jsp/some.jsp
> jsp/test.jsp
> jsp/welcome.jsp
> 
> And the web.xml looks like this : 
> 
> <?xml version="1.0" encoding="iso-8859-1"?>
>   <!DOCTYPE web-app PUBLIC
>         "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
>         "http://java.sun.com/dtd/web-app_2_3.dtd">
> 
> <web-app>
>  <display-name>J2EE Examples Application</display-name>
>   <!-- Standard Action Servlet Configuration (with debugging) -->
>   <servlet>
>     <servlet-name>MyServlet</servlet-name>
>     <servlet-class>com.myComp.MyServlet</servlet-class>
>   </servlet>
> 
>   <!-- Standard Action Servlet Mapping -->
>   <servlet-mapping>
>     <servlet-name>MyServlet</servlet-name>
>     <url-pattern>/first</url-pattern>
>   </servlet-mapping>
> 
>   <security-constraint>
> 
>     <web-resource-collection>
>         <url-pattern>/jsp/test.jsp</url-pattern>
>     </web-resource-collection>
> 
>     <auth-constraint>
>         <role-name>manager</role-name>
>     </auth-constraint>
> 
>   </security-constraint>
> 
>    <security-role>
>         <description>
>            The role that is required to log in to the Manager Application
>         </description>
>         <role-name>manager</role-name>
>    </security-role>
> 
> </web-app>
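
An added example, not part of the original thread: a small Python check for the gap the reply points to, run on the security section of the posted web.xml and on a variant with a login-config added. The BASIC method, the realm name myApp, the web-resource-name text and the function name audit_web_xml are assumptions; the web-resource-name check follows from the 2.3 DTD, which lists that element as required.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the security section of the web.xml quoted above
# (DTD 2.3 style, so no XML namespace is assumed).
POSTED = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/jsp/test.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>manager</role-name></security-role>
</web-app>"""

# Assumed fix: BASIC and the realm name "myApp" are illustrative choices.
LOGIN_CONFIG = """  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>myApp</realm-name>
  </login-config>
"""
# The 2.3 DTD places login-config after security-constraint and
# before security-role, so it is inserted at that position.
FIXED = POSTED.replace("  <security-role>", LOGIN_CONFIG + "  <security-role>")
FIXED = FIXED.replace(
    "<web-resource-collection>",
    "<web-resource-collection>\n      <web-resource-name>test page</web-resource-name>")


def audit_web_xml(text):
    """Return findings for auth-constraints whose descriptor is incomplete."""
    root = ET.fromstring(text)
    findings = []
    declared = {r.findtext("role-name", "").strip()
                for r in root.findall("security-role")}
    constraints = [c for c in root.findall("security-constraint")
                   if c.find("auth-constraint") is not None]
    if constraints and root.find("login-config/auth-method") is None:
        findings.append("auth-constraint present but no login-config/auth-method")
    for c in constraints:
        for coll in c.findall("web-resource-collection"):
            if coll.find("web-resource-name") is None:
                findings.append("web-resource-collection lacks web-resource-name")
        for role in c.findall("auth-constraint/role-name"):
            name = (role.text or "").strip()
            if name != "*" and name not in declared:
                findings.append("role %r not declared in security-role" % name)
    return findings


if __name__ == "__main__":
    for label, doc in (("posted", POSTED), ("fixed", FIXED)):
        print(label, audit_web_xml(doc) or "ok")
```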

