This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Declarative security in web.xml?? is this secure?? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Declarative security in web.xml?? is this secure??" Watch "Declarative security in web.xml?? is this secure??" New topic
Author

Declarative security in web.xml?? is this secure??

Paul Yen
Greenhorn

Joined: Feb 08, 2004
Posts: 19
Recently, I was doing the example on chapter 9 in SCWCD Exam Study Kit book. I tried to put security requirements on web.xml and run the program. Only the first time, it run exactly the result the same as book. If I tried to refresh and run again, it told me that "Access to the requested resource has been denied". It will work properly again only if I shutdown the server and turn on again. I use Java TM Web Services Developer Pack 1.3. Therefore I am so counfused about this, is this a secure way to protect the servlet??
The below is my code on web.xml and html page.
XML:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<servlet>
<servlet-name>SecureServlet</servlet-name>
<servlet-class>SecureServlet</servlet-class>
</servlet>
<security-constraint>
<web-resource-collection>
<web-resource-name>declarative security test</web-resource-name>
<url-pattern>/servlet/SecureServlet</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>supervisor</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/formlogin.html</form-login-page>
<form-error-page>/formerror.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>supervisor</role-name>
</security-role>
</web-app>
HTML:
<form method="POST" action="servlet/SecureServlet">
<input type="text" name="username">
<input type="submit" value="OK">
</form>


SCJP 1.4, SCWCD, SCBCD,<br />SCDJWS (preparing)
Ivan Matmati
Ranch Hand

Joined: Feb 26, 2003
Posts: 41
What do you mean by "work properly"? What does not work in other case?


No Gates!<p>SCPJ 1.4<br />SCWCD 1.4
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Declarative security in web.xml?? is this secure??
 
Similar Threads
How to secure my page
WebLogic Form-Based Authentication Problem
form based login with LDAP
security-role-ref and isUserInRole( )
need help,2 questions