
WEBDAV authentication at SERVER LEVEL rather than at APPLICATION LEVEL

 
vishal koladiya
Hi all,

I want to provide authentication to the files which are outside the tomcat directory.

My files are at /app/apache-tomcat-5.5.17/webapps/Reports/file1.zip
Note that here Reports is not a tomcat application. It is just a directory.
I want to provide authentication for that file so I can access the file with the link http://localhost:8006/Reports/file1.zip only after providing authentication.

WEBDAV authentication is possible when I make changes in web.xml inside some tomcat application.
But for that this Reports folder should be inside it.
e.g. I've another application named 'RentalApp' on the same server.
Then if I make changes at /app/apache-tomcat-5.5.17/webapps/RentalApp/WEB-INF/web.xml
and put the file at /app/apache-tomcat-5.5.17/webapps/RentalApp/Reports/file1.zip then it asks for authentication when accessing through http://localhost:8006/RentalApp/Reports/file1.zip

Note that changing web.xml at server level (/app/apache-tomcat-5.5.17/conf/web.xml).

Can we provide WEBDAV authentication at server level to any file which is not inside a tomcat application?
 
Tim Holloway
Any directory that is located immediately under the TOMCAT_HOME/webapps directory is, by definition, a web application in exploded WAR format. There is no concept of a data directory under webapps, only the question of whether the WAR is valid or not.

In any event, you should NEVER write or delete files in or below the webapps directory under webapp program control. Since Tomcat is not a WEBDAV server, that aspect does not apply either. The only writing that should ever be done in webapps is to deploy or undeploy (delete) the webapps themselves. Other than that, all files and directories should be treated as read-only. The fact that Tomcat does not enforce this restriction does not mean that it is safe to violate it - do so and you will regret it.

While Tomcat itself does not provide WEBDAV services, a Tomcat webapp can do so if it wants to. Regardless, the actual files and directories being controlled should be placed in a location external to the Tomcat directories and the webapps directory in particular.

Authentication and authorization are separate concerns, and the J2EE A&A standards are usually sufficient for that purpose.
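
Added example, not part of the original thread: one way to apply the advice above is to keep the report files outside the Tomcat tree, map them in as their own context, and protect that context with a container-managed security constraint. The directory /srv/reports, the role name reports-user and the realm name are assumptions for illustration; the two files are shown in one block, separated by comments.

```xml
<!-- File 1 (assumed location): $CATALINA_HOME/conf/Catalina/localhost/Reports.xml
     The descriptor's file name sets the context path (/Reports).
     docBase points at a directory outside webapps and outside the Tomcat tree. -->
<Context docBase="/srv/reports" reloadable="false" />

<!-- File 2 (assumed location): /srv/reports/WEB-INF/web.xml
     Container-managed security: every URL under /Reports requires a login.
     Content of WEB-INF itself is never served to clients. -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Report downloads</web-resource-name>
      <url-pattern>/*</url-pattern>
      <!-- No http-method elements: listing only some methods would leave
           the unlisted ones unprotected. -->
    </web-resource-collection>
    <auth-constraint>
      <!-- Hypothetical role; it must exist in the configured Realm,
           e.g. conf/tomcat-users.xml for the default UserDatabaseRealm. -->
      <role-name>reports-user</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- BASIC sends the password base64-encoded, not encrypted, so require TLS.
           This needs an SSL connector; Tomcat redirects to its redirectPort. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Reports</realm-name>
  </login-config>
  <security-role>
    <role-name>reports-user</role-name>
  </security-role>
</web-app>
```

The account Tomcat runs as needs only read access to /srv/reports, which keeps the served files read-only from the container's side.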
 