In /tomcat/Webapps/Projectname/web-inf:
I have inserted this part:
....
</resource-ref>
- <!--inserted from her -->
- <security-constraint>
- <web-resource-collection>
<web-resource-name>user open part</web-resource-name>
<url-pattern>/Server/user/*</url-pattern>
</web-resource-collection>
- <auth-constraint>
<role-name>user</role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
- <security-constraint>
- <web-resource-collection>
<web-resource-name>admin closed part</web-resource-name>
<url-pattern>/Server/admin/*</url-pattern>
</web-resource-collection>
- <auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
- <login-config>
<auth-method>FORM</auth-method>
- <form-login-config>
<form-login-page>/Server/index.jsp</form-login-page>
<form-error-page>/Server/index.jsp</form-error-page>
</form-login-config>
</login-config>
- <security-role>
<role-name>admin</role-name>
<role-name>user</role-name>
</security-role>
- <!--inserted to here -->
- <servlet>
...
In /tomcat/Conf/web.xml:
I have inserted this part:
.................
<!--inserted from here-->
<security-constraint>
<web-resource-collection>
<web-resource-name>user
open part</web-resource-name>
<url-pattern>/Server/user/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>admin
closed part</web-resource-name>
<url-pattern>/Server/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Server/index.jsp</form-login-page>
<form-error-page>/Server/index.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>admin</role-name>
<role-name>user</role-name>
</security-role>
<!--inserted to here-->
<servlet>
<servlet-name>default</servlet-name>
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
<init-param>
......
> Date: Wed, 18 Aug 2010 12:00:39 +0100
> From: p...@pidster.com
> To: users@tomcat.apache.org
> Subject: Re: Configure read/write-access in TomCat
>
> On 18/08/2010 10:44, K A wrote:
> >
> > Hello
> >
> > I've developed a web-application in which I'd like to have some control of
> > which resources are accessed by whom. My project is called "Server" in
> > which I've got 3 directories: "/user" which all roles are allowed to
> > access, "/admin" which ONLY administrators are allowed to access and
> > "resources" in which I've got some files which users are allowed to read
> > and administrators are allowed to both read and write.
> >
> > I'm using a FORM to login. The form action is "POST" and the action is
> > "j_security_check", the username field's name is "j_username" and the
> > password field's is "j_password".
> > I've implemented a security-check in the jsp-file itself where I'm checking
> > for the type of login the current user has. If the type is aproved then the
> > user is allowed to access the page.
> >
> > But when I test the application and try to access the files in the other
> > library then I've got access no matter what. This wasn't the intension.
> >
> > I've tried to follow several tutorials online but no matter what I can't
> > get it to work ouf the right way.
> >
> > I've tried to configure the web.xml manually but it doesn't work. I've
> > tried to use the "manager" through the browser but that doesn't seem to
> > deliver the possibility to setup those restriction.
>
> What have you tried?
>
>
> > Can somebody please give me a detailed walkthrough on how to achieve this?
> >
> > I'm using TomCat 6.0, JVM 1.5.0_20 SUN and Windows XP 5.1.Thankyou very
> > much in advance!
>
> Why do people think it's called 'TomCat'? It's *Tomcat*.
>
>
> p
>
>
> > Best regards,
> > Kenneth Andersen
> > k_k_ander...@hotmail.com
> >
>
