howto setup url security constraint with parameters?

Hi,

I have Tomcat set up with user directories = org.apache.catalina.startup.UserConfig. Now I want to give each user to reload only his webapp from the manager webapp. If I change the manager web.xml like this

------------------------------
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Allow Blah01 User Reload his Webapp</web-resource-name>
    <url-pattern>/reload</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>blah01</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <description>
    Zopa Userdir Role
  </description>
  <role-name>blah01</role-name>
</security-role>
---------------------------

then the user can reload his webapp with:

http://localhost:8080/manager/reload?path=/~blah01

but he can also reload other users' webapps, and I want to prevent this.

I tried to put something like this

---------------------------
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Allow Blah01 User Reload his Webapp</web-resource-name>
    <url-pattern>/reload
      <param-name>path</param-name>
      <param-value>/~blah01</param-value>
    </url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>blah01</role-name>
  </auth-constraint>
</security-constraint>
---------------------------

but this is obviously illegal. Any ideas how this can be done?

Thanks
Alex

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@...
For additional commands, e-mail: users-help@...
RE: howto setup url security constraint with parameters?

> From: Piavlo [mailto:lolitushka@...]
> Subject: howto setup url security constraint with parameters?
>
> now I want to give each user to reload only his webapp from
> the manager webapp.

I don't think you need to. By touching or otherwise updating any file listed in a <WatchedResource> element for the webapp, Tomcat will automatically restart the webapp, assuming you have not disabled automatic deployment. As long as the user has access to the <WatchedResource> for his or her webapp, they should be able to trigger redeployment whenever they want. The default <WatchedResource> is the WEB-INF/web.xml file for each webapp.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: howto setup url security constraint with parameters?

Caldarale, Charles R wrote:
>> From: Piavlo [mailto:lolitushka@...]
>> Subject: howto setup url security constraint with parameters?
>>
>> now I want to give each user to reload only his webapp from
>> the manager webapp.
>>

The problem is that <WatchedResource> does not work for user dirs defined with org.apache.catalina.startup.UserConfig

While I did set up all webapps to be reloadable by using the default server context inherited by other webapps, i.e.:

<Context reloadable="true">
  <WatchedResource>WEB-INF/web.xml</WatchedResource>
</Context>

This only triggers reload when files change under WEB-INF/{lib/classes}/* but not nested subdirs, for example modifying WEB-INF/classes/Some.class triggers reload but WEB-INF/classes/somedir/another.class does not always work.

Also the WEB-INF/web.xml is not watched anyway, its modification never triggers webapp reload, while it is correctly watched for regular (non userdirs) webapps.

Thanks
Alex

> I don't think you need to. By touching or otherwise updating any file listed in a <WatchedResource> element for the webapp, Tomcat will automatically restart the webapp, assuming you have not disabled automatic deployment. As long as the user has access to the <WatchedResource> for his or her webapp, they should be able to trigger redeployment whenever they want. The default <WatchedResource> is the WEB-INF/web.xml file for each webapp.
>
> - Chuck
RE: howto setup url security constraint with parameters?

> From: Piavlo [mailto:lolitushka@...]
> Subject: Re: howto setup url security constraint with parameters?
>
> The problem is that <WatchedResource> does not work for user dirs
> defined with org.apache.catalina.startup.UserConfig

Sounds like a bug, but I haven't looked at the code. What version of Tomcat are you using?

 - Chuck
Re: howto setup url security constraint with parameters?

Caldarale, Charles R wrote:
>> From: Piavlo [mailto:lolitushka@...]
>> Subject: Re: howto setup url security constraint with parameters?
>>
>> The problem is that <WatchedResource> does not work for user dirs
>> defined with org.apache.catalina.startup.UserConfig
>>
>
> Sounds like a bug, but I haven't looked at the code. What version of Tomcat are you using?
>

Currently 6.0.20, but this also does not work with 5.5 versions.

But putting aside the buggy WatchedResource issue - is there a way to do a security constraint of a url on granularity of also matching specific HTTP GET parameters/values pairs in that url?

Thanks
Alex

> - Chuck
Re: howto setup url security constraint with parameters?

Pivo wrote:
> Caldarale, Charles R wrote:
>>> From: Piavlo [mailto:lolitushka@...]
>>> Subject: Re: howto setup url security constraint with parameters?
>>>
>>> The problem is that <WatchedResource> does not work for user dirs
>>> defined with org.apache.catalina.startup.UserConfig
>>>
>> Sounds like a bug, but I haven't looked at the code. What version of Tomcat are you using?
>>
> Currently 6.0.20, but this also does not work with 5.5 versions.
> But putting aside the buggy WatchedResource issue - is there a way to
> do a security constraint of a url on granularity of also matching
> specific HTTP GET parameters/values pairs in that url?
>

Just jumping in with some lateral thinking, and without the background.

The idea would be to catch these requests earlier, and dispatch them, on the base of the GET parameters, to different webapps, each with its appropriate security constraints.

I think a servlet filter (such as the URLRewriteFilter) would be too late already. But a front-end Apache httpd would not.
Re: howto setup url security constraint with parameters?

On 06/11/2009 00:29, Pivo wrote:
> Caldarale, Charles R wrote:
>>> From: Piavlo [mailto:lolitushka@...]
>>> Subject: Re: howto setup url security constraint with parameters?
>>>
>>> The problem is that <WatchedResource> does not work for user dirs
>>> defined with org.apache.catalina.startup.UserConfig
>>>
>>
>> Sounds like a bug, but I haven't looked at the code. What version of Tomcat are you using?
>>
> Currently 6.0.20, but this also does not work with 5.5 versions.
> But putting aside the buggy WatchedResource issue - is there a way to
> do a security constraint of a url on granularity of also matching
> specific HTTP GET parameters/values pairs in that url?

Short answer: no, not using container based security.

That would be a task for the Servlet itself to perform as part of its logic. You can use 'request.isUserInRole("somerole")'.

p

> Thanks
> Alex
>
>> - Chuck
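Added example, not part of the thread and not Tomcat's own code: the last reply's point that a per-parameter check belongs in application code, written as a servlet filter (javax.servlet, Servlet 2.5 as shipped with Tomcat 6) that would be mapped to /reload in the manager webapp. The class name, the filter mapping and the convention that role "blah01" owns context path "/~blah01" are assumptions taken from the question's example.

```java
import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: a user may reload only the user-dir webapp named after a role they hold. */
public class OwnWebappReloadFilter implements Filter {

    // Accept the exact "/~name" form only; nested paths, "..", or empty names never match.
    private static final Pattern USER_PATH = Pattern.compile("/~([A-Za-z0-9_-]+)");

    public void init(FilterConfig config) { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        if (isAllowed(request)) {
            chain.doFilter(req, res);
        } else {
            // Deny by default: anything not positively matched is refused.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    static boolean isAllowed(HttpServletRequest request) {
        // A missing or repeated "path" parameter is rejected, so the value checked
        // here is the only one the manager servlet behind the filter can read.
        String[] paths = request.getParameterValues("path");
        if (paths == null || paths.length != 1) {
            return false;
        }
        Matcher m = USER_PATH.matcher(paths[0]);
        // Assumed convention from the question: role "blah01" owns context "/~blah01".
        return m.matches() && request.isUserInRole(m.group(1));
    }
}
```

The `<security-constraint>` on `/reload` from the first message still does the authentication; the filter only narrows which `path` value an already authenticated user may pass.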