• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

How to make selective jsp files secured

 
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Greeting All,
I am working on web application in which server authentication is required. Suppose I have 5 jsp files and I want to have 3 jsp files as secured using SSL and the remaining 2 as non-secured. How it can be done?
Appreciate in advance.

Waiting...

Taqi
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In your web.xml, you can use several <url-pattern> elements, one for each JSP page. Those elements are inside a <web-resource-collection> element, which is inside a <security-constraint> element.
 
Taqi Hasan
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for replying.
Regarding <security-constraint>, my understanding is that you can restrict users on the basis of Client certificate. I do not want client's authentication, I only want the server authenication.If I am wrong, pls correct me.
Some websites mostly do server authentication but how they do.

Thanks in advance.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You don't need to use client certificates, you can use HTTP authentication (which uses a username and password). Tomcat comes with a JSP example that demonstrates how to use that to protect resources.
 
Taqi Hasan
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Dittmer,
Thanks for the info. In tomcat example, it is using
I add further to my question as follows:
I am developing web application and the requirement is that users should register online by signup process. Once they are registered member, they have to login using SSL such as https://www.abc.com/login.jsp ,here i am using https.
If somebody tries to put URL as http://www.abc.com/login.jsp, the login will be successful, for which I do not want that users do login without https. HOW IT CAN BE DONE? Does any web.xml needs to be configured or something else. Is there any tutorial about it?

I hope I have tried to address my problem clearly to you.
You can contact me at taqihasan@gmail.com

Thanks and best regards.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
HttpServletRequest has the method isSecure, which tells you whether a request came in over HTTP or HTTPS. If it did not, you can reject the login.
 
Taqi Hasan
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Dittmer,
Thank you very much for your help.

Taqi
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic