In /tomcat/Webapps/Projectname/web-inf: I have inserted this part: ....
</resource-ref> - <!--inserted from her --> - <security-constraint> - <web-resource-collection> <web-resource-name>user open part</web-resource-name> <url-pattern>/Server/user/*</url-pattern> </web-resource-collection> - <auth-constraint> <role-name>user</role-name> <role-name>admin</role-name> </auth-constraint> </security-constraint> - <security-constraint> - <web-resource-collection> <web-resource-name>admin closed part</web-resource-name> <url-pattern>/Server/admin/*</url-pattern> </web-resource-collection> - <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> - <login-config> <auth-method>FORM</auth-method> - <form-login-config> <form-login-page>/Server/index.jsp</form-login-page> <form-error-page>/Server/index.jsp</form-error-page> </form-login-config> </login-config> - <security-role> <role-name>admin</role-name> <role-name>user</role-name> </security-role> - <!--inserted to here --> - <servlet> ... In /tomcat/Conf/web.xml: I have inserted this part: ................. <!--inserted from here--> <security-constraint> <web-resource-collection> <web-resource-name>user open part</web-resource-name> <url-pattern>/Server/user/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>user</role-name> <role-name>admin</role-name> </auth-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>admin closed part</web-resource-name> <url-pattern>/Server/admin/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/Server/index.jsp</form-login-page> <form-error-page>/Server/index.jsp</form-error-page> </form-login-config> </login-config> <security-role> <role-name>admin</role-name> <role-name>user</role-name> </security-role> <!--inserted to here--> <servlet> <servlet-name>default</servlet-name> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class> <init-param> ...... > Date: Wed, 18 Aug 2010 12:00:39 +0100 > From: p...@pidster.com > To: users@tomcat.apache.org > Subject: Re: Configure read/write-access in TomCat > > On 18/08/2010 10:44, K A wrote: > > > > Hello > > > > I've developed a web-application in which I'd like to have some control of > > which resources are accessed by whom. My project is called "Server" in > > which I've got 3 directories: "/user" which all roles are allowed to > > access, "/admin" which ONLY administrators are allowed to access and > > "resources" in which I've got some files which users are allowed to read > > and administrators are allowed to both read and write. > > > > I'm using a FORM to login. The form action is "POST" and the action is > > "j_security_check", the username field's name is "j_username" and the > > password field's is "j_password". > > I've implemented a security-check in the jsp-file itself where I'm checking > > for the type of login the current user has. If the type is aproved then the > > user is allowed to access the page. > > > > But when I test the application and try to access the files in the other > > library then I've got access no matter what. This wasn't the intension. > > > > I've tried to follow several tutorials online but no matter what I can't > > get it to work ouf the right way. > > > > I've tried to configure the web.xml manually but it doesn't work. I've > > tried to use the "manager" through the browser but that doesn't seem to > > deliver the possibility to setup those restriction. > > What have you tried? > > > > Can somebody please give me a detailed walkthrough on how to achieve this? > > > > I'm using TomCat 6.0, JVM 1.5.0_20 SUN and Windows XP 5.1.Thankyou very > > much in advance! > > Why do people think it's called 'TomCat'? It's *Tomcat*. > > > p > > > > Best regards, > > Kenneth Andersen > > k_k_ander...@hotmail.com > > >