This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 80269 - Tomcat Security Issue and Context Issue
Summary: Tomcat Security Issue and Context Issue
Status: RESOLVED INVALID
Alias: None
Product: serverplugins
Classification: Unclassified
Component: Tomcat (show other bugs)
Version: 5.x
Hardware: All Windows XP
: P3 blocker (vote)
Assignee: Sherold Dev
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-07-13 21:44 UTC by migueldiasbr
Modified: 2006-07-14 13:15 UTC (History)
0 users

See Also:
Issue Type: DEFECT
Exception Reporter:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description migueldiasbr 2006-07-13 21:44:02 UTC 
Hi guys,

Thank you so much for making Netbeans. I was an Eclipse fan, but I don't use 
for abou 2 years now :) Well, I always make Desktop Apps and Mobile Apps with 
Netbeans. But now I'm making an Web App, and this is the first time I found a 
weakness (maybe?).

I'm trying to use FORM security with the bundled Tomcat. But I have lot's of 
problems.

First: On web.xml I create a security constraint:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>ProtectedPlace</web-resource-name>
            <description>Only Administrators</description>
            <url-pattern>/protect/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

But when I run MyWebbApp on root (http://localhost:8084/MyWebApp/), it ask me 
for the authentication to. Well, I think it's a Tomcat problem, not a NetBeans, 
but it's related, cause I use a "Realm" inside "server.xml" to connect to my 
Database. How can I set up this for ask for authentication only when someone 
try to acess the "http://localhost:8084/MyWebApp/protect/anything.jsp"???

Second: I'm in trouble here, cause I use lot's of CSS and images on my App. So 
I create a structure like this:

MyWebApp\images
MyWebApp\css
MyWebApp\protect
MyWebApp\includes
MyWebApp\store
MyWebApp\store\list
MyWebApp\etc

The problem is: When I'm inside a JSP or HTML file, i use "absolute path" to 
link to my files, like that:

<link href="/css/tharsoft.css" rel="stylesheet" type="text/css">
<IMG alt="Banner" src="/images/Banner.gif" border=0>

I don't want to use context for my links, so how can I set MyWebApp to be my 
root App inside Netbeans? I know how to do that directly on Tomcat, but not 
inside Netbeans Web Server conficuration. It always make me choose a context 
path... 

If I don't use absolute paths, it doesn't work with files inside a directory. 
And as this is a dinamic app I always have to use absolute path.

Please, how can I solve these problems?
Comment 1 Sherold Dev 2006-07-14 13:15:51 UTC 
Closign as INVALID

Issuezilla should be used only for filing bugs in NetBeans. Please use some
mailing list for asking questions like this.