0 Replies Latest reply on Nov 5, 2006 9:05 AM by jfrankman

    How do you secure static content?

    jfrankman Novice

      I have created a context in the jbossweb-tomcat55.asr for sharing documents. However, I want to protect this context with a security constraint. To the best of my knowlege I have everything set up correctly, but a user is not prompted for a username/password and the context is still accessible by anyone.

      I have tried to get this working by placing the following in the server.xml file in the jbossweb-tomcat55.sar directory please tell me what I am doing wrong. I am at the end of my rope:


       <Host name="localhost"
       autoDeploy="false" deployOnStartup="false" deployXML="false" >
      <Context path="/media" appBase="" docBase="/windows/D/media" debug="99" reloadable="true">
       <security-constraint>
       <web-resource-collection>
       <web-resource-name>blah blah blah</web-resource-name>
       <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <auth-constraint>
       <role-name>mediauser</role-name>
       </auth-constraint>
       </security-constraint>
       <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
       driverName="com.mysql.jdbc.Driver"
       connectionURL="jdbc:mysql://localhost/jboss?user=jbossuser&password=password"
       userTable="users" userNameCol="user_name" userCredCol="user_pass"
       userRoleTable="user_roles" roleNameCol="role_name"/>
      
      
      
       <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>Example Realm</realm-name>
       </login-config>
      
       <security-role>
       <description>The role that is required to log in to
       the Manager Application</description>
       <role-name>mediauser</role-name>
       </security-role>