wood burning stoves 2.0*
The moose likes Tomcat and the fly likes password protecting directories under Tomcat Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "password protecting directories under Tomcat" Watch "password protecting directories under Tomcat" New topic
Author

password protecting directories under Tomcat

Andrew Connick
Greenhorn

Joined: Nov 30, 2008
Posts: 2
Is it possible to implement simple password protection for user directories under Tomcat, where Tomcat is running at a hosting company (So I cannot use conf/tomcat-user.xml, or add to server.xml, etc)

I can set up a simple test locally, using <security-constraint> in web.xml. It works fine, but it relies on conf/tomcat-user.xml.

All I want to do is emulate the simple apache .htaccess password protected directories.

Thanks
Andrew
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

There is no equivalent to .htaccess in JEE.
URLs in JEE are not necessarily tied to files in directories.


Originally posted by Andrew Connick:

I can set up a simple test locally, using <security-constraint> in web.xml. It works fine, but it relies on conf/tomcat-user.xml.


It relies on roles.
tomcat-users.xml is one way to set up users and roles.
See:
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Andrew Connick
Greenhorn

Joined: Nov 30, 2008
Posts: 2
I did look at the Realm how-to information before. It starts by saying you add to server.xml. I can't do that, because that's controlled by the web host. Is it possible to put it in context.xml ?

(and it certainly didn't look like the 'simple' solution I was hoping for !)

Thanks
Andrew
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Originally posted by Andrew Connick:

(and it certainly didn't look like the 'simple' solution I was hoping for !)


Apache web server thinks in terms of serving or executing files in directories. JEE servers map url-patterns to defined resource but can also serve up static resources and execute JSP files in directories. It would be difficult, in a more complex environment to do something as simple as htaccess.

If you're not averse to some coding, it would be fairly simple to write a filter to restrict access to specified directories.
 
Don't get me started about those stupid light bulbs.
 
subject: password protecting directories under Tomcat