Search...
FAQs Subscribe
Pie
FAQs
Recent topics Flagged topics Hot topics Best topics
Search...
Search within Servlets Search Coderanch
Advance search Google search
Register / Login
thread boost polymorphism book review grid granny advertise on coderanch
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
thread boost meaningless drivel book review grid advertise on coderanch building better world book
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

exclude the welcome page or the webroot (/ only) from the security-constraint

 
Johnny Bekkestad
Greenhorn
Posts: 1
posted 11 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator
Hi, i am struggling with the web.xml configuration
This is what i have

<welcome-file-list>
<welcome-file>/jsp/index.jsp</welcome-file>
</welcome-file-list>

<security-constraint>
<display-name>Unsecure pages</display-name>
<web-resource-collection>
<web-resource-name>Unsecure pages</web-resource-name>
<url-pattern>/jsp/index.jsp</url-pattern>
</web-resource-collection>
</security-constraint>


<security-constraint>
<display-name>Secure root resources</display-name>
<web-resource-collection>
<web-resource-name>Secure root resources</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>RoleA</role-name>
</auth-constraint>
</security-constraint>


<security-constraint>
<display-name>Specific secure recourses</display-name>
<web-resource-collection>
<web-resource-name>Specific secure recourses</web-resource-name>
<url-pattern>/home</url-pattern>
<url-pattern>/search</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>RoleA</role-name>
<role-name>RoleB</role-name>
</auth-constraint>
</security-constraint>

and in the index.jsp i have this
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>TITLE</title>
<meta http-equiv="REFRESH" content="0; url=/mpbo/home"></HEAD>
</HTML>


What i want to achieve is that RoleA is supposed to have full Access to the site and the RoleB should only have access to the home page and the search page
The home page is default for both RoleA and RoleB


The problem i am having is only with the users within RoleB
When i as a user with RoleB go the the
http://localhost:8080/mpbo/ i am prompted to the login page, i login which works fine and then redirected to the /jsp/index.jsp (welcome-file) which tries to redirect me to the /mpbo/home folder but here i get Access is denied.
If i browse directly to the /mpbo/home folder after i login it is successfull
If i browse directly to the /jsp/index.jsp file it will successfully redirect me to the /mpbo/home page

So i believe the problem is that the actuall / has a constraint on it.
I tried to add a url patter with / only and no constraint and even with RoleA and RoleB but it did not work either.

Any ideas how i can get this to work?
 
Don't get me started about those stupid light bulbs.
reply
reply
    Bookmark Topic Watch Topic
  • New Topic
Boost this thread!
Similar Threads
More...