• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

securing web applications

 
Ranch Hand
Posts: 91
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This is part of my web.xml file for some reason works in tomcat but I tried using Websphere application developer 5.0 and it doesn't.

I get an internal error, I'm sure I copied the files right? Many something missing when I'm using WSAD 5.0. Any ideas?

this is my error trace in the console
[Servlet Error]-[FormLoginServlet]: com.ibm.ws.webcontainer.servlet.exception.ServletNotFoundException: Servlet Not Found: FormLoginServlet
at com.ibm.ws.webcontainer.webapp.WebAppServletManager.getServletReference(WebAppServletManager.java:514)

This is my web.xml file that worked in tomcat.

[code]
<security-constraint>

<web-resource-collection>
<web-resource-name>Security Test</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>

<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>

<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>

</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/formlogin.html</form-login-page>
<form-error-page>/formerror.html</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>tomcat</role-name>
</security-role>

[code]
 
Ranch Hand
Posts: 119
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think you need to turn security on in WebSphere
(Start up the server, turn on the admin console, login & go the the security tab).

btw. in future, you're probably better posting this kind of thing under the IBM/Websphere forum
 
Fran Kindred
Ranch Hand
Posts: 91
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
my apologies, however, no luck my IDE is not a full blown app server I just have the test environment. any other ideas?
 
louise rochford
Ranch Hand
Posts: 119
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yeah, you can do this when you run stuff in the ide without deploying the code to a seperate WebSphere server.

Switch to the server perspective - you might need to use the 'open new perspective' icon at the top left of the left hand menu bar.
You should see a 'server configuration' &/or 'servers' panel.
The internal test environment instance should be listed (mies something like 'WebSphere v5.0 Test Environment'). Double-click on this to open up the server configuration window. Select the 'security' tab at the bottom & check the 'Enable security' option.
N.B. You'll probably also have to have a user registry configured e.g. LDAP. WebSphere doesn't have the xml user authentication file that Tomcat does.

You can also do this via the Admin console:
Run the code as you normally do (I do this by right clicking on the web project & selecting 'run on server') on the embedded test environment.
Once you can see that the server is 'open for business', switch to the server perspective, right-click on the server environment & select the 'run admin console' option...

regards,
Louise
 
Fran Kindred
Ranch Hand
Posts: 91
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for replying Louise,

I actually did that same steps however at the security tab there is an enable security but then it prompts for

server id, password?

I'm not sure what id or password is this....?
 
louise rochford
Ranch Hand
Posts: 119
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
When someone logs on to your application, they will get authenticated against some sort of user registry (we use LDAP, but you could have something different configured).
Once you've turned security on, access via the admin console is controlled in the same way as if someone were accessing the application. Theres usually some administrator role & password defined...
I'd guess that the server / application as a whole also needs to be authenticated in a similar manner in order to estalish a connection to the user registry.
Heres a red book on WAS configuration that might help. Otherwise have a dig around on the IBM WebSphere forum.
Best of luck,
Louise
 
Fran Kindred
Ranch Hand
Posts: 91
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks again for your time and help Louise!!!
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic