How do i secure standalone tomcat web directory

[brendantdp]

Hi,

I am running tomcat as a standalone on slack linux, I need to protect the web site that tomcat is serving, but I would like to do it through tomcat, and not in code. Something similar to htaccess in apache. I am not very experienced in linux, and I don't know tomcat particularly well.

Any help would be very appreciated

thanks

Brendan White
South Africa

 

[sem]

Edit conf/tomcat-users.xml file and deployment descriptor web.xml of your application.

Regards, Dima

 

[brendantdp]

thanks sem,

here is my web.xml

<?xml version=&quot;1.0&quot; encoding=&quot;ISO-8859-1&quot;?>

<!DOCTYPE web-app
PUBLIC &quot;-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN&quot;
&quot;

http://java.sun.com/j2ee/dtds/web-app_2_2.dtd&quot;>

<security-constraint>
<web-resource-collection>
<web-resource-name>OnJava Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ec-users</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ec_site</realm-name>
</login-config>

I have a file ec-users.xml in tomcat/conf , which contains the users that I want to give access to. It still doesn'n run and gives me:

ERROR initializing /var/

http://www/htdocs/ec_site/WEB-INF/web.xml

- org.xml.sax.SAXException: Fatal error org.xml.sax.SAXParseException: Illegal character at end of document, &#x3c;.

thanks

 

[sem]

It apparently means that your xml is invalid: remove semicolon after !DOCTYPE and place login-config and security-constraint into web-app tag according to DTD.

Regards, Dima

 

[brendantdp]

thanks a lot, I sort of figured out most of it.

The app is working perfectly.

once again thanks

Brendan