例如你要控制對ROOT目錄下文件的訪問: 首先更改$TOMCAT_HOME/ROOT/WEB-INF/web.xml 1。在<web-app>和</web-app>之間加入 <security-constraint> <web-resource-collection> <web-resource-name>Entire Application</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <!-- NOTE: This role is not present in the default users file --> <role-name>user</role-name> </auth-constraint> </security-constraint>
<!-- Define the Login Configuration for this Application --> <login-config> <auth-method>BASIC</auth-method> <realm-name>TEST ACCESS CONTROL</realm-name> </login-config>
2。然后在$TOMCAT_HOME/conf/tomcat-users.xml中加入 <user name="user" password="password" roles="user"/> roles的名字和web.xml中的相對應(yīng)
在TOMCAT4.03中測試通過
|