| Author |
login-config question
|
Max Tomlinson
Ranch Hand
Joined: Jul 17, 2001
Posts: 364
|
|
Question from JWeb:
Jweb says the coreect answers are 1, 2 + 3.
I answered 2, 3 + 4.
Didn't think 2 was right--form-login without form security sepcified. thought 4 was right because container would use default form-login page. Can someone please explain this to me?
thanks,
max
Which of the following XML frgaments correctly define the login-config element of web.xml?
1.
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>test</realm-name>
</login-config>
2.
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>test</realm-name>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/error.jsp</form-error-page>
</form-login-config>
</login-config>
3.
<login-config>
<auth-method>FORM</auth-method>
<realm-name>test</realm-name>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/error.jsp</form-error-page>
</form-login-config>
</login-config>
4.
<login-config>
<auth-method>FORM</auth-method>
<realm-name>test</realm-name>
</login-config>
5.
<login-config>
<auth-method>SECURE</auth-method>
<realm-name>test</realm-name>
</login-config>
|
 |
Win Yu
Ranch Hand
Joined: Oct 17, 2001
Posts: 224
|
|
|
I tried case 4. I did not seen any default form came out. How do you know there is default one for the form method.
|
Win
|
|
Tony Alicea
Desperado
Sheriff
Joined: Jan 30, 2000
Posts: 3219
|
|
For number 4 to be correct, you'd have to specify the login and login-error pages, right?
As in (from Tomcat 4):
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/security/login/login.jsp</form-login-page>
<form-error-page>/jsp/security/login/error.jsp</form-error-page>
</form-login-config>
</login-config>
|
Tony Alicea
Senior Java Web Application Developer, SCPJ2, SCWCD
|
|
ruijin yang
Ranch Hand
Joined: Apr 29, 2001
Posts: 96
|
|
Hello Max,
I quoted element definition from Servlet Specification 2.3.We can
see the subelement "form-login-config" is optional.So I think the answer is:1,2,3,4;
But,in Servlet Specification 2.3,I can not find the statement that the container will use default login page and error page if
we do not provide the definition of form-login-config.
In fact,Tomcat 4.0 has an example in /jsp/security/protected/*.If
I deleted the subelement "form-login-config" from examples/WEB-INF/web.xml,I found that I can not run http://localhost:8080/examples/jsp/security/protected/index.jsp.
So I think the answer maybe only 2,3.
What is the correct answer?Please help.
<!ELEMENT login-config (auth-method?, realm-name?, form-login-config?)>
<!ELEMENT form-login-config (form-login-page, form-error-page)>
ruijin yang
|
SUN Certified Business Component Developer Java EE Platform 5 (2008)<br />SUN Certified Developer for Java Web Services (2007)<br />IBM WebSphere Portal V5.1 Application Development (2006)<br />SUN Certified Web Component Developer (2001)<br />SUN Certified Java 2 Programmer (2001)
|
|
Rishi Singh
Ranch Hand
Joined: Dec 09, 2000
Posts: 321
|
|
Hi Max,
I think 1 is a right option as the <form-login-config> element is a must only if the type of authentication mechanism is FORM,
in case it is CLIENT_CERT it becomes an optional element!!! therefore 1,2 and 3 r the right choice
|
|
 |
|
|
subject: login-config question
|
|
|
0
