Hello,
I am attempting to implement a file server over the WebDAV protocol using a third-party library. I have it mostly working; however, I’d like to improve it by removing the need to have users provide credentials when they open a file. Basically, I want to allow anonymous access to everything under the /storage/* folder within my web application. The other major drawback is that I have to explicitly create a user entry for each user in tomcat-users.xml, unless I’m misunderstanding the way authentication is supposed to be set up.
From what I’ve read, a custom Tomcat realm may do the trick but it seems overkill. I found what may be a related post on the Cuba forum but I’m not sure that’s the solution I’m after either.
Below is what I have configured so far. I added this to WEB-INF\web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>All Resources</web-resource-name>
        <url-pattern>/storage/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>HEAD</http-method>
        <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>
<security-role>
    <role-name>*</role-name>
</security-role>
<login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>Digest Authentication</realm-name>
</login-config>
And this is what I added to tomcat-users.xml:
<!-- case-sensitive -->
<role rolename="Administrators"/>
<user username="admin" password="admin" roles="Administrators"/>
Any guidance is much appreciated.