2 questions: -How to protect directories with a password? -How to allows a Context to accept connections only throguht https?
1 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Juan_Gallo
Posted On:   Saturday, May 3, 2003 07:53 AM

Hi all,

Is there any ".htaccess" -like way to protect directories with a password?

and...

How can I do to allows ONLY secure connections (https) for a Context or a directory?
Thanks in advance. JG

Re: 2 questions: -How to protect directories with a password? -How to allows a Context to accept connections only throguht https?

Posted By:   Daniele_Galluccio  
Posted On:   Saturday, May 3, 2003 03:35 PM

To password protect your pages you can use
a realm, please referer at the documentation
on tomcat project site for detailed info, also on web
there are many how-to, read them.

However to give you a point of start..

Once you've defined a realm resource(as the tomcat-users.xml or a your own
jdbc realm) in server.xml,
you have to modify the web.xml file of your application

here's a sample for adding basic realm support (Form authentication is quite similar, look at docs)




Link to the UserDatabase instance from which we request lists of defined role names.
UserDatabase
org.apache.catalina.UserDatabase





Entire Application
/*


test




BASIC
Your Realm Name



The role that is required to log in to the Manager Application
test



For allowing only https connections, assuming you've already activated ssl support
(if not please look at docs for how to do it)
add




Entire Application
/*


CONFIDENTIAL



to your web.xml file and change the url-pattern to
match the directory you want to access only via https.


Please, keep in mind that attributes definition order in web.xml
is important.
All attributes are optional but defining in the wrong place may prevent
your application to act as you want.

Hope this helps.

About | Sitemap | Contact