login-config question

 
Max Tomlinson
Ranch Hand
Posts: 365
Question from JWeb:
JWeb says the correct answers are 1, 2 + 3.
I answered 2, 3 + 4.
Didn't think 2 was right--form-login without form security specified. Thought 4 was right because the container would use a default form-login page. Can someone please explain this to me?
thanks,
max

Which of the following XML fragments correctly define the login-config element of web.xml?
1.
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>test</realm-name>
</login-config>
2.
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>test</realm-name>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/error.jsp</form-error-page>
</form-login-config>
</login-config>

3.
<login-config>
<auth-method>FORM</auth-method>
<realm-name>test</realm-name>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/error.jsp</form-error-page>
</form-login-config>
</login-config>
4.
<login-config>
<auth-method>FORM</auth-method>
<realm-name>test</realm-name>
</login-config>
5.
<login-config>
<auth-method>SECURE</auth-method>
<realm-name>test</realm-name>
</login-config>
 
Win Yu
Ranch Hand
Posts: 224
I tried case 4. I did not see any default form come out. How do you know there is a default one for the form method?
 
Tony Alicea
Desperado
Sheriff
Posts: 3226
5
For number 4 to be correct, you'd have to specify the login and login-error pages, right?
As in (from Tomcat 4):
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/security/login/login.jsp</form-login-page>
<form-error-page>/jsp/security/login/error.jsp</form-error-page>
</form-login-config>
</login-config>
 
ruijin yang
Ranch Hand
Posts: 96
Hello Max,
I quoted the element definition from Servlet Specification 2.3. We can
see the subelement "form-login-config" is optional. So I think the answer is: 1, 2, 3, 4.
But in Servlet Specification 2.3, I cannot find the statement that the container will use a default login page and error page if
we do not provide the definition of form-login-config.
In fact, Tomcat 4.0 has an example in /jsp/security/protected/*. If
I deleted the subelement "form-login-config" from examples/WEB-INF/web.xml, I found that I cannot run http://localhost:8080/examples/jsp/security/protected/index.jsp.
So I think the answer may be only 2, 3.
What is the correct answer? Please help.
<!ELEMENT login-config (auth-method?, realm-name?, form-login-config?)>
<!ELEMENT form-login-config (form-login-page, form-error-page)>
ruijin yang
 
Rishi Singh
Ranch Hand
Posts: 321
Hi Max,
I think 1 is a right option, as the <form-login-config> element is a must only if the type of authentication mechanism is FORM;
in case it is CLIENT_CERT it becomes an optional element!!! Therefore 1, 2 and 3 are the right choice.
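
The checks the posts in this thread reason about, as an added example that is not part of any post: it tests each quiz fragment against the two DTD content models quoted above and against the auth-method values listed in the Servlet 2.3 DTD comment (BASIC, DIGEST, FORM, CLIENT-CERT). The function names and the two warnings are this example's own assumptions; the warnings are lint hints for a deployment review, not DTD rules.

```python
import xml.etree.ElementTree as ET

# Ordered (tag, required) content models from the Servlet 2.3 DTD lines quoted in the thread.
LOGIN_CONFIG = [("auth-method", False), ("realm-name", False), ("form-login-config", False)]
FORM_LOGIN_CONFIG = [("form-login-page", True), ("form-error-page", True)]
# auth-method values listed in the Servlet 2.3 DTD comment (the DTD itself only says #PCDATA).
LEGAL_AUTH_METHODS = {"BASIC", "DIGEST", "FORM", "CLIENT-CERT"}

def matches_sequence(element, model):
    """True if the element's children follow the ordered (tag, required) model."""
    tags, pos = [child.tag for child in element], 0
    for name, required in model:
        if pos < len(tags) and tags[pos] == name:
            pos += 1
        elif required:
            return False
    return pos == len(tags)  # leftovers are unknown, repeated or out-of-order children

def check_login_config(fragment):
    """Return (errors, warnings) for one <login-config> fragment."""
    errors, warnings = [], []
    root = ET.fromstring(fragment)
    if root.tag != "login-config":
        return ["root element is not login-config"], warnings
    if not matches_sequence(root, LOGIN_CONFIG):
        errors.append("children do not match (auth-method?, realm-name?, form-login-config?)")
    form = root.find("form-login-config")
    if form is not None and not matches_sequence(form, FORM_LOGIN_CONFIG):
        errors.append("form-login-config needs form-login-page then form-error-page")
    method = (root.findtext("auth-method") or "").strip()
    if method and method not in LEGAL_AUTH_METHODS:
        errors.append("auth-method %r is not a legal value" % method)
    if method == "FORM" and form is None:
        warnings.append("FORM without form-login-config: no login or error page is named")
    if method != "FORM" and form is not None:
        warnings.append("form-login-config present but auth-method is not FORM")
    return errors, warnings

# Quiz fragments 1-5 from the first post, rebuilt on one line each.
PAGES = ("<form-login-config><form-login-page>/jsp/login.jsp</form-login-page>"
         "<form-error-page>/jsp/error.jsp</form-error-page></form-login-config>")
BASE = ("<login-config><auth-method>%s</auth-method>"
        "<realm-name>test</realm-name>%s</login-config>")
QUIZ = {1: BASE % ("CLIENT-CERT", ""), 2: BASE % ("CLIENT-CERT", PAGES),
        3: BASE % ("FORM", PAGES), 4: BASE % ("FORM", ""), 5: BASE % ("SECURE", "")}

if __name__ == "__main__":
    for number, xml in QUIZ.items():
        print(number, *check_login_config(xml))
```

Under these rules fragments 1 to 4 match the quoted content models and fragment 5 is rejected for its auth-method value; fragments 2 and 4 each carry one warning.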
 