You can block the access to all /info pages except the admin_panel.jsp with a security constraint in the `/webapps/ivy/WEB-INF/web.xml` <web-app ...... .... <security-constraint> <display-name>Restrict access to info page</display-name> <web-resource-collection> <web-resource-name>Restricted folders</web-resource-name> <url-pattern>/info/[^admin_panel]*</url-pattern> </web-resource-collection> <auth-constraint /> </security-constraint> </web-app> If the user tries to access the 'info/index.jsp' page a 404 error page will be displayed. The admin_panel.jsp still works but you have to know the URL :-) ---------- You could also require basic authentication for users that are accessing any /info/ page:page: SEe http://wiki.metawerx.net/wiki/SecuringYourSiteWithContainerManagedSecurity webapps/ivy/WEB-INF/web.xml <web-app> .... <security-constraint> <display-name>Restrict access to info page</display-name> <web-resource-collection> <web-resource-name>Restricted folders</web-resource-name> <url-pattern>/info/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>sysadmin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> </login-config> <security-role> <role-name>sysadmin</role-name> </security-role> <web-app webapps/ivy/META-INF/context.xml <Context> .... <Realm className="org.apache.catalina.realm.MemoryRealm" pathname="[AbsolutePathToYourEngine]/webapps/ivy/WEB-INF/tomcat-users.xml"/> </Context> webapps/ivy/WEB-INF/tomcat-users.xml <?xml version='1.0' encoding='utf-8'?> <tomcat-users> <role rolename="sysadmin"/> <user username="admin" password="nimda" roles="sysadmin"/> </tomcat-users>

You can block the access to all /info pages except the admin_panel.jsp with a security constraint in the `/webapps/ivy/WEB-INF/web.xml` <web-app ...... .... <security-constraint> <display-name>Restrict access to info page</display-name> <web-resource-collection> <web-resource-name>Restricted folders</web-resource-name> <url-pattern>/info/[^admin_panel]*</url-pattern> </web-resource-collection> <auth-constraint /> </security-constraint> </web-app> If the user tries to access the 'info/index.jsp' page a 404 error page will be displayed. The admin_panel.jsp still works but you have to know the URL :-):-) ---------- You could also require basic authentication for users that are accessing any /info/ page: webapps/ivy/WEB-INF/web.xml <web-app> .... <security-constraint> <display-name>Restrict access to info page</display-name> <web-resource-collection> <web-resource-name>Restricted folders</web-resource-name> <url-pattern>/info/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>sysadmin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> </login-config> <security-role> <role-name>sysadmin</role-name> </security-role> <web-app webapps/ivy/META-INF/context.xml <Context> .... <Realm className="org.apache.catalina.realm.MemoryRealm" pathname="[AbsolutePathToYourEngine]/webapps/ivy/WEB-INF/tomcat-users.xml"/> </Context> webapps/ivy/WEB-INF/tomcat-users.xml <?xml version='1.0' encoding='utf-8'?> <tomcat-users> <role rolename="sysadmin"/> <user username="admin" password="nimda" roles="sysadmin"/> </tomcat-users>

You can block the access to all /info pages except the admin_panel.jsp with a security constraint in the `/webapps/ivy/WEB-INF/web.xml` <web-app ...... .... <security-constraint> <display-name>Restrict access to info page</display-name> <web-resource-collection> <web-resource-name>Restricted folders</web-resource-name> <url-pattern>/info/[^admin_panel]*</url-pattern> </web-resource-collection> <auth-constraint /> </security-constraint> </web-app> If the user tries to access the 'info/index.jsp' page a 404 error page will be displayed. The admin_panel.jsp still works but you have to know the URL :-)

You can block the access to all /info pages except the admin_panel.jsp with a security constraint in the `/webapps/ivy/WEB-INF/web.xml` <web-app ...... .... <security-constraint> <display-name>Restrict access to info page</display-name> <web-resource-collection> <web-resource-name>Restricted folders</web-resource-name> <url-pattern>/info/[^admin_panel]*</url-pattern> </web-resource-collection> <auth-constraint /> </security-constraint> </web-app> If the user tries to access the 'info/index.jsp' page a 404 error page will be displayed. The admin_panel.jsp still works but you have to know the URL :-)

You can block the access to all /info pages except the admin_panel.jsp with a security constraint in the `/webapps/ivy/WEB-INF/web.xml` <security-constraint> <display-name>Restrict access to info page</display-name> <web-resource-collection> <web-resource-name>Restricted folders</web-resource-name> <url-pattern>/info/[^admin_panel]*</url-pattern> </web-resource-collection> <auth-constraint /> </security-constraint> If the user tries to access the 'info/index.jsp' page a 404 error page will be displayed. The admin_panel.jsp still works but you have to know the URL :-)