• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

password protecting directories under Tomcat

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is it possible to implement simple password protection for user directories under Tomcat, where Tomcat is running at a hosting company (So I cannot use conf/tomcat-user.xml, or add to server.xml, etc)

I can set up a simple test locally, using <security-constraint> in web.xml. It works fine, but it relies on conf/tomcat-user.xml.

All I want to do is emulate the simple apache .htaccess password protected directories.

Thanks
Andrew
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There is no equivalent to .htaccess in JEE.
URLs in JEE are not necessarily tied to files in directories.


Originally posted by Andrew Connick:

I can set up a simple test locally, using <security-constraint> in web.xml. It works fine, but it relies on conf/tomcat-user.xml.



It relies on roles.
tomcat-users.xml is one way to set up users and roles.
See:
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
 
Andrew Connick
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I did look at the Realm how-to information before. It starts by saying you add to server.xml. I can't do that, because that's controlled by the web host. Is it possible to put it in context.xml ?

(and it certainly didn't look like the 'simple' solution I was hoping for !)

Thanks
Andrew
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Andrew Connick:

(and it certainly didn't look like the 'simple' solution I was hoping for !)



Apache web server thinks in terms of serving or executing files in directories. JEE servers map url-patterns to defined resource but can also serve up static resources and execute JSP files in directories. It would be difficult, in a more complex environment to do something as simple as htaccess.

If you're not averse to some coding, it would be fairly simple to write a filter to restrict access to specified directories.
 
reply
    Bookmark Topic Watch Topic
  • New Topic