You must never ever forget that Harbor is in fact a web site; even
the HarborRepository itself is a web site.
This gives one tremendous flexibility.
For example, if you have an application that writes to a folder at
the same level as the HarborRepository, that folder becomes a web page.
If a remote user then addresses that URI in a browser, they
will see it. It's a wonderful way to mix applications with web site
design, and it's a wonderful way to provide help files for your
applications.
But there are even more good reasons for this. For example,
because HarborRepository is in fact a web site, a tool like
WebDav lets you manipulate files on a remote Harbor server.
WebDav is built into Harbor, so try it...
http://localhost:8080/harbor/webdav
Notice that you can see the folders...
Microsoft's IE browser is a WebDav client, so if you do this...
From the IE browser: FILE -> OPEN -> (type http://localhost:8080/harbor/webdav
and select "open as web folder")
the Harbor (remote site) will now be in your file manager,
which makes it easy to install remote applications.
So hopefully you are starting to see why having an application
server behave as a web site is so very powerful.
But there is more...
Because a servlet container like Tomcat is also clusterable,
and allows for load sharing behind a system like Apache, you can
create a Harbor web farm, and having
tools like WebDav makes it easy to update several machines.
This is now all common knowledge:
servlet containers like Tomcat are all over the web and have help
mailing lists, and if you don't know how, you just need to google or
ask the question. There is so much that can be done that we can't cover
it all, but what we are going to do here is show you the basic
technique for protecting Harbor as a web site.
For example, if you place a file called Hello.txt under the
HarborRepository and then type
http://localhost:8080/harbor/HarborRepository/Hello.txt
it will display in the browser...
The easiest way to make sure this doesn't happen is
to place this at the bottom of your web.xml file.
<!-- How to Protect the Harbor Repository From Web Access -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Harbor Repository</web-resource-name>
        <url-pattern>/HarborRepository/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>super_admin</role-name>
    </auth-constraint>
</security-constraint>
This makes the system apply access control to all
the files under HarborRepository, and if you
try the above link again, you will see it prompts for a login.
There is another file called tomcat-users.xml,
and in it one places the user names and passwords for those
users that are allowed access.
If you do not put any users in the role name, no one has
access.
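One way to check both files before deploying, as an added example that is not part of Harbor or its documentation: a short Python script that confirms web.xml has a role-protected constraint on /HarborRepository/* and that tomcat-users.xml gives at least one user that role. The sample XML, the user name repo_admin and the password placeholder are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not copied from a real Harbor install).
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>Harbor Repository</web-resource-name>
    <url-pattern>/HarborRepository/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>super_admin</role-name></auth-constraint>
</security-constraint></web-app>"""
USERS_XML = """<tomcat-users><role rolename="super_admin"/>
  <user username="repo_admin" password="CHANGE_ME" roles="super_admin"/>
</tomcat-users>"""

def find_all(elem, name):
    """Elements named `name` at or below elem, ignoring any XML namespace."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit(web_xml, users_xml, pattern="/HarborRepository/*"):
    """Return a list of findings; an empty list means the protection is in place."""
    findings, roles, covered = [], set(), False
    for sc in find_all(ET.fromstring(web_xml), "security-constraint"):
        patterns = [(p.text or "").strip() for p in find_all(sc, "url-pattern")]
        if pattern not in patterns:
            continue
        covered = True
        # A constraint that lists http-method elements leaves every other
        # HTTP method on the same URL pattern unconstrained.
        methods = [(m.text or "").strip() for m in find_all(sc, "http-method")]
        if methods:
            findings.append("constraint only applies to: " + ", ".join(methods))
        auth = find_all(sc, "auth-constraint")
        if not auth:
            findings.append("no auth-constraint: pattern is not role-protected")
        roles.update((r.text or "").strip() for a in auth for r in find_all(a, "role-name"))
    if not covered:
        findings.append("no security-constraint covers " + pattern)
    # A role that no user holds means nobody can get past the login prompt.
    users = find_all(ET.fromstring(users_xml), "user")
    for role in sorted(roles):
        holders = [u for u in users if role in [r.strip() for r in u.get("roles", "").split(",")]]
        if not holders:
            findings.append("no user holds role " + role + ": nobody can log in")
    return findings
```

Call audit() with the text of your own web.xml and tomcat-users.xml; it only reads the two files and does not contact the server.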
If you look at the webdav
download (you have it already in the site download), you
will see that the exact same technique is used to protect access to a
webdav site.
You need to learn to do this...
if you get stuck, remember that it's the standard security system in
the servlet container you are using.
This covers the web layer
security for Harbor. For actual running
applications, however, another very secure layer is used, so keep in
mind that this is protection against browsers accessing Harbor
as a web site only.
Many things are possible with
this layer, and it makes things wonderfully flexible, but do some
reading on basic browser security to make sure you really understand it.
==============