securing web applications

Francis Palattao
Ranch Hand

Joined: Sep 22, 2004
Posts: 91
This is part of my web.xml file; for some reason it works in Tomcat, but I tried using WebSphere Application Developer 5.0 and it doesn't.

I get an internal error. I'm sure I copied the files right? Maybe something is missing when I'm using WSAD 5.0. Any ideas?

This is my error trace in the console:
[Servlet Error]-[FormLoginServlet]: com.ibm.ws.webcontainer.servlet.exception.ServletNotFoundException: Servlet Not Found: FormLoginServlet
at com.ibm.ws.webcontainer.webapp.WebAppServletManager.getServletReference(WebAppServletManager.java:514)

This is my web.xml file that worked in Tomcat.

[code]
<security-constraint>

  <web-resource-collection>
    <web-resource-name>Security Test</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>

  <auth-constraint>
    <role-name>tomcat</role-name>
  </auth-constraint>

  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>

</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/formlogin.html</form-login-page>
    <form-error-page>/formerror.html</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>tomcat</role-name>
</security-role>

[/code]


SCJP 1.4
SCWCD 1.4 (preparing)
SCBCD 1.3 (coming soon)
louise rochford
Ranch Hand

Joined: Apr 04, 2002
Posts: 119
I think you need to turn security on in WebSphere
(start up the server, turn on the admin console, log in & go to the security tab).

Btw, in future, you're probably better posting this kind of thing under the IBM/WebSphere forum.
Francis Palattao
Ranch Hand

Joined: Sep 22, 2004
Posts: 91
My apologies. However, no luck: my IDE is not a full-blown app server, I just have the test environment. Any other ideas?
louise rochford
Ranch Hand

Joined: Apr 04, 2002
Posts: 119
Yeah, you can do this when you run stuff in the IDE without deploying the code to a separate WebSphere server.

Switch to the server perspective - you might need to use the 'open new perspective' icon at the top left of the left hand menu bar.
You should see a 'server configuration' &/or 'servers' panel.
The internal test environment instance should be listed (mine's something like 'WebSphere v5.0 Test Environment'). Double-click on this to open up the server configuration window. Select the 'security' tab at the bottom & check the 'Enable security' option.
N.B. You'll probably also have to have a user registry configured e.g. LDAP. WebSphere doesn't have the xml user authentication file that Tomcat does.

You can also do this via the Admin console:
Run the code as you normally do (I do this by right clicking on the web project & selecting 'run on server') on the embedded test environment.
Once you can see that the server is 'open for business', switch to the server perspective, right-click on the server environment & select the 'run admin console' option...

regards,
Louise
Francis Palattao
Ranch Hand

Joined: Sep 22, 2004
Posts: 91
Thanks for replying Louise,

I actually did those same steps; however, at the security tab there is an 'enable security', but then it prompts for

server id, password?

I'm not sure what ID or password this is...?
louise rochford
Ranch Hand

Joined: Apr 04, 2002
Posts: 119
When someone logs on to your application, they will get authenticated against some sort of user registry (we use LDAP, but you could have something different configured).
Once you've turned security on, access via the admin console is controlled in the same way as if someone were accessing the application. There's usually some administrator role & password defined...
I'd guess that the server / application as a whole also needs to be authenticated in a similar manner in order to establish a connection to the user registry.
Here's a red book on WAS configuration that might help. Otherwise have a dig around on the IBM WebSphere forum.
Best of luck,
Louise
Francis Palattao
Ranch Hand

Joined: Sep 22, 2004
Posts: 91
Thanks again for your time and help Louise!!!