Tomcat subdirectories BASIC authentication

Sat, 15 Aug 2009 00:33:53 -0700 

Dear Tomcat users,
i would ask you if is it possibile in Tomcat  5.5 to protect
subdirectories of my deployed application. I'll explain an example.
Suppose i have deployed my app in /application. This application has
two subdirectories, subdir_1, subdir_2, but only in the url not in the
file system.

/application
/application/subdir_1
/application/subdir_2

Suppose i have two user, user_1,user_2. I would like to do that user_1
has a full access in my application, but user_2 only subdir_1. When
user_2 try to go in /application/subdir_1 will be request him username
and password.

i've tried this configuration but doesn't work:

tomcat-users.xml:

<user username="user_1" password="pass1"
roles="admin,manager,application,subdir_1,subdir_2"/>
<user username="user_2" password="pass2" roles="subdir_1"/>

In the application web.xml:

<security-role>
    <role-name>application</role-name>
  </security-role>

 <security-role>
    <role-name>subdir_1</role-name>
  </security-role>

 <security-role>
    <role-name>subdir_2</role-name>
  </security-role>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/application</url-pattern>
    <url-pattern>/application/subdir_1</url-pattern>
    <url-pattern>/application/subdir_2</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>application</role-name>
  </auth-constraint>
 </security-constraint>

  <security-constraint>
  <web-resource-collection>
    <web-resource-name>Application</web-resource-name>
    <url-pattern>/application/subdir_1/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>applicazione</role-name>
    <role-name>subdir_1</role-name>
  </auth-constraint>
 </security-constraint>


I can proted the entire application with /* in security constraint,
but not single subdirectories .
Wehere is a mistake? Is it possible to do this in Tomcat 5.5?
Thanks in advance

-- 
Ing. Gabriele Fatigati

Parallel programmer

CINECA Systems & Tecnologies Department

Supercomputing Group

Via Magnanelli 6/3, Casalecchio di Reno (BO) Italy

www.cineca.it                    Tel:   +39 051 6171722

g.fatigati [AT] cineca.it

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to