How do I restrict access to a specific subdirectory within ROOT using basic authentication?
1 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   sean_divine
Posted On:   Tuesday, May 11, 2004 02:57 AM

I'm fairly new to configuring server.xml and web.xml files. (I'm currently running jakarta-tomcat-4.1.18.) I am trying to require password authentication for access to a subfolder called "update" located within ROOT. I want all files located directly in ROOT to be available without a password. I am having trouble determing the correct path to use for the in the web.xml file in WEB-INF. If I use /* then no pages on the site may be accessed without a password no matter their location. I am presuming that this means I have set up the basic authentication correctly in tomcat-users.xml, server.xml (in conf) and web.xml (in WEB-INF) but that I now simply need to put the correct path into the in web.xml.    More>>

I'm fairly new to configuring server.xml and web.xml files. (I'm currently running jakarta-tomcat-4.1.18.)



I am trying to require password authentication for access to a subfolder called "update" located within ROOT. I want all files located directly in ROOT to be available without a password. I am having trouble determing the correct path to use for the in the web.xml file in WEB-INF.



If I use /* then no pages on the site may be accessed without a password no matter their location. I am presuming that this means I have set up the basic authentication correctly in tomcat-users.xml, server.xml (in conf) and web.xml (in WEB-INF) but that I now simply need to put the correct path into the in web.xml.



However, when I use /update/* , I can access all of the pages within the update folder without being asked for a password. I've experimented with many different paths and have not had luck with any. I have been careful to close my browser and open a new one each time between tests. I've also tried restarting tomcat for every new test. Nothing works.



In my server.xml file, is located within the tag (not within or ).



Have hunted around for a solution without much luck. I assume that I am missing something very simple.



Here is my complete web.xml file...



			


SMUpdate App webxml



SMUpdate
/*


smupdate



BASIC
SMUpdate


invoker
/servlet/*







Any suggestions would be very much appreciated.



Thanks.    <<Less

Re: How do I restrict access to a specific subdirectory within ROOT using basic authentication?

Posted By:   Sean_Owen  
Posted On:   Wednesday, May 12, 2004 08:39 AM

Add this after login-config, to declare your role? Not sure why it would work without this in the case of "/*" though. Otherwise I don't see any problems with your web.xml file; that's odd.





smupdate

About | Sitemap | Contact