Protecting Yanel realm by Tomcat [WAS: Re: [Yanel-dev] Fwd: something for the wiki]
Michael Wechner
michael.wechner at wyona.com
Wed Dec 22 15:50:25 CET 2010
Hi Balz
Thanks very much for this. I will try to add this to the documentation
http://www.yanel.org/en/documentation/index.html
Thanks
Michael
On 12/22/10 3:29 PM, Balz Schreier wrote:
> Dear all,
>
> I work on an Internet web site which has two environments, TEST and
> PROD, both reachable through the normal Internet.
> We just noticed that Google also indexed some pages from the TEST
> environment (despite our efforts not to publicly point to the TEST
> environment at all, but somehow Google found it out).
>
> How to avoid being indexed?
> - One solution is to put that robots.txt file at the root of the
> site... But then you are not sure whether the bots will really follow
> the directions in there
> - Another solution is to protect the whole REALM by configuring "/" in
> the map-rc file and having a policy in place that protects it
> - The latter solution might be fine in some cases but we want to test
> how our site looks if the user is not logged into the
> application (public users). In order to test with a public user but
> still with some protection against bots, see next solution:
> - We configured Tomcat so that the whole "/" web app is protected by a
> technical user configured in Tomcat's tomcat-users.xml. In Yanel's
> web.xml we declared some security constraints so that the basic auth
> popup appears. Now you can log in to the Servlet Container's security
> context and when you have done that, you're in the Yanel context as
> public user. Of course, you can then log in again to your application,
> triggering the whole Yanel specific security context.
>
> Below was my mail to Michael with the configuration for Tomcat. It
> might be helpful for some others in future, maybe ;-)
>
> Cheers
> Balz
>
> ---------- Forwarded message ----------
> From: *Balz Schreier* <balz.schreier at gmail.com>
> Date: 2010/12/22
> Subject: something for the wiki
> To: Michael Michi Wechner <michael.wechner at wyona.com>
>
>
> Hi Michi,
>
> This might be something for the wiki, so one doesn't have to search for it every time.
>
> TASK: Secure the whole realm with basic authentication of Tomcat
> without impacting Yanel's security setup (yanel users and roles).
>
> DESCRIPTION:
>
> Details for Tomcat Basic Authentication Setup:
>
> * Configure this in tomcat-users.xml:
>
>     <!-- the role is declared with a <role> element, not <user> -->
>     <role rolename="tester"/>
>     <user username="testuser" password="..." roles="tester"/>
> * Configure this in Yanel's web.xml:
>
>     <security-constraint>
>       <display-name>My Realm</display-name>
>       <web-resource-collection>
>         <web-resource-name>My Realm</web-resource-name>
>         <url-pattern>/*</url-pattern>
>       </web-resource-collection>
>       <auth-constraint>
>         <role-name>tester</role-name>
>       </auth-constraint>
>       <user-data-constraint>
>         <transport-guarantee>NONE</transport-guarantee>
>       </user-data-constraint>
>     </security-constraint>
>     <login-config>
>       <auth-method>BASIC</auth-method>
>       <realm-name/>
>     </login-config>
>     <security-role>
>       <role-name>tester</role-name>
>     </security-role>
>
>
> Regards
> Balz
>
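A consistency check for the two files Balz describes, added here as an example and not code from the thread or from Yanel: it parses a constructed web.xml and tomcat-users.xml, verifies that the role required by the security-constraint is declared in web.xml, defined with a <role> element in tomcat-users.xml and held by at least one user, confirms that a constraint really covers `/*`, and flags a transport-guarantee other than CONFIDENTIAL, since BASIC credentials otherwise cross the network base64-encoded but unencrypted. The function name, the un-namespaced sample files and the placeholder password are my own assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the configuration quoted in the thread
# (web.xml namespace omitted for brevity; the password is a placeholder).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>My Realm</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>tester</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name/></login-config>
  <security-role><role-name>tester</role-name></security-role>
</web-app>"""

TOMCAT_USERS_XML = """<tomcat-users>
  <role rolename="tester"/>
  <user username="testuser" password="PLACEHOLDER" roles="tester"/>
</tomcat-users>"""

def check_realm_protection(web_xml, tomcat_users_xml):
    """Return findings; an empty list means the whole realm is gated and both files agree."""
    findings = []
    web = ET.fromstring(web_xml)
    users = ET.fromstring(tomcat_users_xml)
    declared = {r.text for r in web.findall("security-role/role-name")}
    tomcat_roles = {r.get("rolename") for r in users.findall("role")}
    held = set()  # every role granted to some user via roles="a,b"
    for u in users.findall("user"):
        held.update(x.strip() for x in (u.get("roles") or "").split(","))
    covers_root = False
    for sc in web.findall("security-constraint"):
        if "/*" in [p.text for p in sc.findall("web-resource-collection/url-pattern")]:
            covers_root = True
        for role in [r.text for r in sc.findall("auth-constraint/role-name")]:
            if role not in declared:
                findings.append(f"role {role!r} is not declared in <security-role>")
            if role not in tomcat_roles:
                findings.append(f"role {role!r} has no <role rolename=...> in tomcat-users.xml")
            if role not in held:
                findings.append(f"no user in tomcat-users.xml holds role {role!r}")
        if sc.findtext("user-data-constraint/transport-guarantee") != "CONFIDENTIAL":
            findings.append("transport-guarantee is not CONFIDENTIAL: BASIC credentials cross the wire in clear text")
    if not covers_root:
        findings.append("no constraint covers url-pattern /*: parts of the realm stay reachable")
    return findings
```

Run against the sample files the only finding is the NONE transport guarantee; mistyping the role declaration as `<user rolename="tester"/>` adds a second finding, because Tomcat then knows no such role.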