Tomcat role-based Password Protection
If your website is being served as a Tomcat context, the Apache .htaccess password protection will
not work to prevent access to directories under the site. Instead, you will need to use Tomcat's built-in
role-based security constraints. This requires editing two files:
- The web.xml file of the web application.
- The tomcat-users.xml file of your Tomcat instance.
The web.xml security-constraint definition
A simple web.xml file security constraint looks like the following:
<security-constraint>
    <display-name>Example Security Constraint</display-name>
    <!-- URLs covered by this constraint -->
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/protected/*</url-pattern>
    </web-resource-collection>
    <!-- Only users holding this role may access the URLs above -->
    <auth-constraint>
        <role-name>protected_role</role-name>
    </auth-constraint>
</security-constraint>
<!-- How Tomcat asks the browser for credentials -->
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Protected Area</realm-name>
</login-config>
This code should be placed in your web.xml file after any servlet and servlet-mapping
definitions. Placing it in the wrong location may cause Tomcat to not initialize the context
due to syntax errors.
The tomcat-users.xml user definition
Users who should have access to the resources protected by the security-constraint should be
defined in your tomcat-users.xml file. An example user definition for the resource defined above
would look as follows:
<user name="protected_user" password="your_password" roles="protected_role" />
After adding security constraints or new users to your definitions, Tomcat must be restarted before the
updates will take effect.
Additional features
Tomcat also offers form-based security constraints as well as role definitions stored in a database. For
detailed explanations of these features, please see the Tomcat documentation at http://tomcat.apache.org.
Note: MMA technical support staff cannot provide
troubleshooting of problems with third-party CGI scripts including but
not limited to: Perl scripts, C/C++ binaries, PHP or web/database integration
unless these services are specifically contracted. For these services,
please see our Quote Request Form.