tomcat security--need help

#1  Drew, 01-13-2005



Hi All:

I'm running Apache Tomcat 4.1 as my webserver on my box.

I have a Java servlet that runs perfectly and is located at something
like:

http://www.mysitename.com/StormLog

where StormLog is a folder with an index.htm file inside of it that
Tomcat shows when the user enters the above address or clicks on a
link from my main page to go to this folder.

I would like to be able to have Tomcat prompt for a username/password
or just a password is fine also before rendering the index.html file
in this folder.

I will just have a small number of users and for my purposes, one
username/password that they all know is just fine and is most ideal
solution.

How can I do this? This page
(http://www.jguru.com/faq/view.jsp?EID=239670) seems to suggest using
tomcat-users.xml and web.xml in the web-inf folder of the application.
I haven't had any luck with this though.

I've also read other stuff about htpasswd.

Can anyone advise on the simplest way of accomplishing what I want to
do? It seems like this should be easy to do. Thanks in advance for
any help!

Drew

#2  Drew, 01-14-2005


Just to follow up, I got it to work. Wanted to post here in case
anyone googles while researching the same problem.

In Tomcat's conf folder, edit tomcat-users.xml

You must add a role (or use an existing one):

<role rolename="role1"/>

Then add a user who is assigned this role. You can give them more
roles but must include your new role.

<user username="username" password="password" roles="role1"/>


Then, go to Tomcat's webapps\YourAppName\web-inf folder.

You should have a web.xml file there. Note it is not in the classes
or lib folder but a file in the web-inf directory.

Use the following for that file:

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
    <display-name>Welcome to Tomcat</display-name>
    <description>Welcome to Tomcat</description>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Entire Application</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>

        <auth-constraint>
            <role-name>role1</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>

    <security-role>
        <role-name>role1</role-name>
    </security-role>
</web-app>


Now, restart the Tomcat service and the folder-based security for
YourWebAppName should be in effect!

Drew
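
An added example, not part of the original posts: a small Python check that reads the two files described above and reports common gaps in this kind of setup, including that BASIC login without a CONFIDENTIAL transport-guarantee sends the password only base64-encoded. The audit() and _texts() helpers are hypothetical, the XML is constructed from the snippets in the post, and it assumes the realm reads users from tomcat-users.xml.

```python
import xml.etree.ElementTree as ET

# Constructed inputs mirroring the two files in the post (placeholder credentials).
TOMCAT_USERS = """<tomcat-users>
  <role rolename="role1"/>
  <user username="username" password="password" roles="role1"/>
</tomcat-users>"""

WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire Application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>role1</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>role1</role-name></security-role>
</web-app>"""

def _texts(node, path):  # stripped text of every element matching path
    return {(e.text or "").strip() for e in node.findall(path)}

def audit(web_xml, users_xml):
    """Hypothetical helper: findings for a Servlet 2.3 style web.xml (no namespace)."""
    web, users = ET.fromstring(web_xml), ET.fromstring(users_xml)
    findings = []
    declared = _texts(web, "security-role/role-name")
    held = set()
    for user in users.findall("user"):
        held.update(r.strip() for r in user.get("roles", "").split(","))
    method = (web.findtext("login-config/auth-method") or "").strip()
    constraints = web.findall("security-constraint")
    if not constraints:
        findings.append("no security-constraint: nothing is protected")
    for sc in constraints:
        roles = _texts(sc, "auth-constraint/role-name") - {"*"}  # "*" means any role
        for role in sorted(roles - declared):
            findings.append(f"role '{role}' has no matching security-role")
        for role in sorted(roles - held):
            findings.append(f"no user holds role '{role}': nobody can log in")
        if sc.findall("web-resource-collection/http-method"):
            findings.append("http-method listed: other methods are not covered")
        guarantee = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        if method in ("BASIC", "FORM") and guarantee != "CONFIDENTIAL":
            findings.append(f"{method} without CONFIDENTIAL transport: password not encrypted")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEB_XML, TOMCAT_USERS)))
```

Adding a user-data-constraint with transport-guarantee CONFIDENTIAL after the auth-constraint clears the one finding this reports for the configuration in the post, provided Tomcat has an SSL connector configured.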

 