In /tomcat/Webapps/Projectname/web-inf:

I have inserted this part:
....



</resource-ref>
- <!--inserted from her  -->

 

- <security-constraint>


- <web-resource-collection>


  <web-resource-name>user open part</web-resource-name> 

  <url-pattern>/Server/user/*</url-pattern> 

  </web-resource-collection>

- <auth-constraint>


  <role-name>user</role-name> 

  <role-name>admin</role-name> 
  </auth-constraint>
  </security-constraint>

- <security-constraint>


- <web-resource-collection>


  <web-resource-name>admin closed part</web-resource-name> 

  <url-pattern>/Server/admin/*</url-pattern> 

  </web-resource-collection>

- <auth-constraint>


  <role-name>admin</role-name> 
  </auth-constraint>
  </security-constraint>

- <login-config>


  <auth-method>FORM</auth-method> 

- <form-login-config>


  <form-login-page>/Server/index.jsp</form-login-page> 

  <form-error-page>/Server/index.jsp</form-error-page> 
  </form-login-config>
  </login-config>

- <security-role>


  <role-name>admin</role-name> 

  <role-name>user</role-name> 
  </security-role>
- <!--inserted to here  -->

 

- <servlet>
...


In /tomcat/Conf/web.xml:



I have inserted this part:
.................


<!--inserted from here-->

      <security-constraint>

            <web-resource-collection>

                  <web-resource-name>user
open part</web-resource-name>

                  <url-pattern>/Server/user/*</url-pattern>

            </web-resource-collection>

            <auth-constraint>

                  <role-name>user</role-name>

                  <role-name>admin</role-name>

            </auth-constraint>

      </security-constraint>

      <security-constraint>

            <web-resource-collection>

                  <web-resource-name>admin
closed part</web-resource-name>

                  <url-pattern>/Server/admin/*</url-pattern>

            </web-resource-collection>

            <auth-constraint>

                  <role-name>admin</role-name>

            </auth-constraint>

      </security-constraint>

      <login-config>

            <auth-method>FORM</auth-method>

            <form-login-config>

                  <form-login-page>/Server/index.jsp</form-login-page>

                  <form-error-page>/Server/index.jsp</form-error-page>

            </form-login-config>

      </login-config>

      <security-role>

            <role-name>admin</role-name>

            <role-name>user</role-name>

      </security-role>

<!--inserted to here-->



    <servlet>

       
<servlet-name>default</servlet-name>

       
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>

        <init-param>

......



> Date: Wed, 18 Aug 2010 12:00:39 +0100
> From: p...@pidster.com
> To: users@tomcat.apache.org
> Subject: Re: Configure read/write-access in TomCat
> 
> On 18/08/2010 10:44, K A wrote:
> > 
> > Hello
> > 
> > I've developed a web-application in which I'd like to have some control of 
> > which resources are accessed by whom. My project is called "Server" in 
> > which I've got 3 directories: "/user" which all roles are allowed to 
> > access, "/admin" which ONLY administrators are allowed to access and 
> > "resources" in which I've got some files which users are allowed to read 
> > and administrators are allowed to both read and write.
> > 
> > I'm using a FORM to login. The form action is "POST" and the action is 
> > "j_security_check", the username field's name is "j_username" and the 
> > password field's is "j_password".
> > I've implemented a security-check in the jsp-file itself where I'm checking 
> > for the type of login the current user has. If the type is aproved then the 
> > user is allowed to access the page.
> > 
> > But when I test the application and try to access the files in the other 
> > library then I've got access no matter what. This wasn't the intension. 
> > 
> > I've tried to follow several tutorials online but no matter what I can't 
> > get it to work ouf the right way.
> > 
> > I've tried to configure the web.xml manually but it doesn't work. I've 
> > tried to use the "manager" through the browser but that doesn't seem to 
> > deliver the possibility to setup those restriction.
> 
> What have you tried?
> 
> 
> > Can somebody please give me a detailed walkthrough on how to achieve this?
> > 
> > I'm using TomCat 6.0, JVM 1.5.0_20 SUN and Windows XP 5.1.Thankyou very 
> > much in advance!
> 
> Why do people think it's called 'TomCat'?  It's *Tomcat*.
> 
> 
> p
> 
> 
> > Best regards,
> > Kenneth Andersen
> > k_k_ander...@hotmail.com
> >                                       
> 
                                          

Reply via email to