I am attempting to implement a file server over the WebDAV protocol using a third-party library. I have it mostly working; however, I’d like to improve it by removing the need to have users provide credentials when they open a file. Basically, I want to allow anonymous access to everything under the /storage/* folder within my web application. The other major drawback is that I have to explicitly create a user entry for each user in tomcat-users.xml, unless I’m misunderstanding the way authentication is supposed to be set up.
From what I’ve read, a custom Tomcat realm may do the trick but it seems overkill. I found what may be a related post on the Cuba forum but I’m not sure that’s the solution I’m after either.
Below is what I have configured so far. I added this to WEB-INF\web.xml:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>All Resources</web-resource-name>
    <url-pattern>/storage/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>HEAD</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>*</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <role-name>*</role-name>
</security-role>
<login-config>
  <auth-method>DIGEST</auth-method>
  <realm-name>Digest Authentication</realm-name>
</login-config>
And this is what I added to tomcat-users.xml:
<!-- case-sensitive -->
<role rolename="Administrators"/>
<user username="admin" password="admin" roles="Administrators"/>
Any guidance is much appreciated.
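Added example, not part of the original post: a WEB-INF\web.xml fragment showing one way the Servlet security-constraint rules can express anonymous reads under /storage/*. A constraint with no auth-constraint element is served without authentication; keeping every other method behind the Administrators role from the tomcat-users.xml above, and treating only GET and HEAD as reads, are assumptions of this sketch.

```xml
<!-- Added example: fragment that goes inside <web-app> in WEB-INF/web.xml -->

<!-- Anonymous reads: this constraint has no <auth-constraint>, so the
     container serves GET and HEAD on /storage/* without a login.
     Assumption: only GET and HEAD are treated as read methods here. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Storage read</web-resource-name>
    <url-pattern>/storage/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>HEAD</http-method>
  </web-resource-collection>
</security-constraint>

<!-- Authenticated everything else: http-method-omission (Servlet 3.0+)
     makes the constraint apply to every method except the ones listed,
     so PUT and the WebDAV verbs are not left uncovered the way they are
     when only a fixed list of <http-method> entries is constrained. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Storage write</web-resource-name>
    <url-pattern>/storage/*</url-pattern>
    <http-method-omission>GET</http-method-omission>
    <http-method-omission>HEAD</http-method-omission>
  </web-resource-collection>
  <auth-constraint>
    <!-- Role name taken from the tomcat-users.xml shown in the post. -->
    <role-name>Administrators</role-name>
  </auth-constraint>
</security-constraint>

<!-- Declare the real role name. Inside <auth-constraint>, "*" is shorthand
     for all roles declared here; it is not itself a role to declare. -->
<security-role>
  <role-name>Administrators</role-name>
</security-role>

<login-config>
  <auth-method>DIGEST</auth-method>
  <realm-name>Digest Authentication</realm-name>
</login-config>
```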