With Tomcat you can also use a URL Rewrite Filter to transparently (HTTP 200) redirect requests to the protected folder
to a HTTP 403 status or a password required page.

But I can't gurantee if URL Rewriting makes the directory fully secure.

----- Original Message ----
From: David Delbecq <delbd@(protected)>
To: Tomcat Users List <users@(protected)>
Sent: Tuesday, December 5, 2006 5:58:53 AM
Subject: Re: How to password protect a directory?


Mikolaj Rydzewski a écrit :
> Hi,
>
> I have several directories mapped to my Tomcat instance with
> context.xml like this:
>
> <?xml version="1.0" encoding="ISO-8859-2"?>
> <Context
>     cookies="false"
>     docBase="/home/stats/some_dir"
>     path="/stats"
> />
>
> There're only html files there. No JSP, servlets, and of course no
> WEB-INF. How can I password protect those directories (or webapps)? Do
> I have to create appropriate WEB-INF/web.xml and security constraints?
> Or is there any simpler solution?
>
Only static resources? Yes, there is a simpler solution, don't use
tomcat, use an apache web server and a .htaccess file.

If you really need tomcat, yes, a web.xml is highly recommanded then.



____________________________________________________________________________________
Cheap talk?
Check out Yahoo! Messenger's low PC-to-Phone call rates.
http://voice.yahoo.com

---------------------------------------------------------------------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)