English 中文(简体)
Tomcat5申请的用户名和密码
原标题:Configure username and password on Tomcat 5.5 application

I have a Tomcat 5.5 server and i deploy a application on it. I have something like this http://tocatServer:8088/MyApp I want to limit the acces of users at this address by putting an username and password, but i need help. I know that i must add roles on web.xml, i try it but without success. If possible i want to send the URL like this http://username:password@tocatServer:8088/MyApp This url is sent from a java swing application for getting license from the serlet Thanks

问题回答

• 限制使用Tomcat的网络应用程序(或链接器):

http://www.oapps/MyApp/WEB-INF/web.xml。

<security-constraint>
    <web-resource-collection>
        <web-resource-name>
            Entire webapp
        </web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>member</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <!-- pay attention: BASIC in insecure, use it only for test, search for a more secure method -->
    <auth-method>BASIC</auth-method>
    <realm-name>Text reported when prompting the user for un and pw</realm-name>
</login-config>

conf/tomcat-users.xml

<role rolename="member"/>
<user username="bubi" password="bubi" roles="member"/>

然后重载网络,并可能重新启用Tomcat。

资料来源: rel=“nofollow>。 O Reilly s Top Ten Tomcat Configuration Tips - 5. 基本要素组合:

关于第二个问题,我不知道如何实现这一目标。

时间:2011-03-04 13:38:28


上一篇:
下一篇:


相关问题
Signed executables under Linux

For security reasons, it is desirable to check the integrity of code before execution, avoiding tampered software by an attacker. So, my question is How to sign executable code and run only trusted ...

时间:2009-11-14 01:34:19 回答:10 展示:1
MALICIOUS_CODE EI_EXPOSE_REP Medium

I run findbugs against all of my code and only tackle the top stuff. I finally got the top stuff resolved and now am looking at the details. I have a simple entity, say a user: public class User ...

时间:2009-11-14 00:40:10 回答:5 展示:1
XSS on jsbin.com

Anyone know if jsbin.com implements any protection for XSS or other javascript attacks? I see jsbin links used fairly regularly on sites like this one and I can t find any indication from the site ...

时间:2009-11-14 00:18:21 回答:1 展示:1
Make md5 strong

Im making a website that will intergrate with game that only support md5 hashing metod (atm). Which ofc is not especially safe anymore. But how could i make it stronger? Should I just generate long ...

时间:2009-11-13 18:59:37 回答:5 展示:1
Why running a service as Local System is bad on windows?

I am trying to find out the difference between difference service account types. I tumbled upon this question. The answer was because it has powerful access to local resources, and Network Service ...

时间:2009-11-13 16:51:19 回答:5 展示:1
Brute-force/DoS prevention in PHP [closed]

I am trying to write a script to prevent brute-force login attempts in a website I m building. The logic goes something like this: User sends login information. Check if username and password is ...

时间:2009-11-13 05:37:34 回答:5 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全