This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Security and the fly likes Problem with security constraint Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Problem with security constraint" Watch "Problem with security constraint" New topic
Author

Problem with security constraint

DeAlton Jones
Greenhorn

Joined: Apr 04, 2006
Posts: 22
Hi Everyone,

I am trying to secure a particular web page in my project by using security constraint in my web.xml. I am authenticating against a LDAP Server and am successful in getting the roles for the particular user.

Most of the pages will be seen to anyone who successfully logs in but a few of the pages I want only people with an admin or super super role to see it.

so this is what i put in my web xml



While this seems to be correct the user still has access to the page the constraint then works when they try to use the page ex.(click on a submit button, or link on the page) then the browser displays no authorization page.

Is there anyway to get this working so that when the user gets stopped before they get to the page. I am successful on rendering links based on the roles returned but I want to prevent them from typing in the url to get to the resource.

Thanks in advance for you help

DeAlton
DeAlton Jones
Greenhorn

Joined: Apr 04, 2006
Posts: 22
I figured it out. xml is read from the top down I had a public constraint that overrided the protected constraint in the wrong order
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Problem with security constraint
 
Similar Threads
Declarative security
How to change response from Https to Http
Adding users and roles
How to change response from Https to Http
access control with realm db