Menu
I have a web application and Tomcat, like server for it.
I put my web app in the folder: $(TOMCAT_HOME)/webapps/myapp and my images to the $(TOMCAT_HOME)/webapps/images
And I wrote next in the tomcat's server.xml
<Context path="/images" docBase="c:/servers/apache-tomcat-7.0.29/webapps/images"/>
It works OK. But, I wanna to secure the folder. I mean, I want to banned access to the folder if user is not logged in my application. How can I do it?
608
You're going to need to put a in your deployment descriptor. Something along the lines of this:
<security constraint>
<web-resource-collection>
<web-resource-name>Images</web-resource-name>
<url-pattern>/images/*</url-pattern>
<http-method>POST</http-method>
<web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
<role-name>Member</role-name>
</auth-constraint>
</security-constraint>
<security-role><role-name>Admin</role-name></security-role>
<security-role><role-name>Member</role-name></security-role>
<security-role><role-name>Guest</role-name></security-role>
You will then need to define the user roles in a tomcat-users.xml file:
<tomcat-users>
<role rolename=”Admin”/>
<role rolename=”Member”/>
<role rolename=”Guest”/>
<user username=”Conor” password=”admin” roles=”Admin, Member, Guest” />
<user username=”SomebodyElse” password=”coder” roles=”Member, Guest” />
<user username=”Andrew” password=”newbie” roles=”Guest” />
</tomcat-users>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
