wood burning stoves 2.0*
The moose likes Tomcat and the fly likes WEBDAV authentication at SERVER LEVEL rather than at APPLICATION LEVEL Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "WEBDAV authentication at SERVER LEVEL rather than at APPLICATION LEVEL" Watch "WEBDAV authentication at SERVER LEVEL rather than at APPLICATION LEVEL" New topic
Author

WEBDAV authentication at SERVER LEVEL rather than at APPLICATION LEVEL

vishal koladiya
Greenhorn

Joined: Aug 08, 2012
Posts: 1
Hi all,

I want to provide authentication to the files which are outside tomcat directory.

My files are at /app/apache-tomcat-5.5.17/webapps/Reports/file1.zip
Note that here Reports is not a tomcat application. It is just a directory.
I want to provide authentication for that file so i can access file with link http://localhost:8006/Reports/file1.zip after providing authentication only.

WEBDAV authentication is possible when I make changes in web.xml inside some tomcat application.
But for that this Reports folder should be inside it.
e.g. I've another application named 'RentalApp' on same server.
than if I make changes at /app/apache-tomcat-5.5.17/webapps/RentalApp/WEB-INF/web.xml
and put file at /app/apache-tomcat-5.5.17/webapps/RentalApp/Reports/file1.zip than it is asking for authentication when accessing through http://localhost:8006/RentalApp/Reports/file1.zip

Note that changing web.xml at server level (/app/apache-tomcat-5.5.17/conf/web.xml).

Can we provide WEBDAV authentication at server level to any file which is not inside tomcat application.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15961
    
  19

Any directory that is located immediately under the TOMCAT_HOME/webapps directory is, by definition, a web application in exploded WAR format. There is no concept of a data directory under webapps, only the question of whether the WAR is valid or not.

In any event, you should NEVER write or delete files in or below the webapps directory under webapp program control. Since Tomcat is not a WEBDAV server, that aspect does not apply either. The only writing that should ever be done in webapps is to deploy or undeploy (delete) the webapps themselves. Other than that, all files and directories should be treated as read-only. The fact that Tomcat does not enforce this restriction does not mean that it is safe to violate it - do so and you will regret it.

While Tomcat itself does not provide WEBDAV services, a Tomcat webapp can do so if it wants to. Regardless, the actual files and directories being controlled should be placed in a location external to the Tomcat directories and the webapps directory in particular.

Authentication and authorization are separate concerns, and the J2EE A&A standards are usually sufficient for that purpose.


Customer surveys are for companies who didn't pay proper attention to begin with.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: WEBDAV authentication at SERVER LEVEL rather than at APPLICATION LEVEL
 
Similar Threads
How can I force Tomcat 5.5 to clear it's cache of web apps?
How to Deploy simple webapp onto Apache Tomcat Server 7.0.23 ?
Web app not recognized and not reloadable
How to Import a JAVA File in JSP
getting set up apache/tomcat