Win a copy of Learn Spring Security (video course) this week in the Spring forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security Problem

 
Micheal John
Ranch Hand
Posts: 344
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am trying out the some examples on security chapter in HFSJ:

What has to given in the <url-pattern> of the <security-constraint>?
My web appln folder structure:


In the <url-pattern>, I have given <url-pattern>/SCWCD/*</url-pattern>..sso all the resources are constrained.. whether it is correct or we have to use the url-pattern in the servlet mapping thing here?

I am not getting the alert for user name and password, although I have used <login-auth>BASIC</login-auth>.. why..?

Below is my coding:

tomcat-users.xml


web.xml


Whether by using <login-auth>BASIC</login-auth> will automatically asks for username and password, if we are trying to call the contrainted resources.. I given all the resources under SCWCD to be constrainted..but still I din't get the alert for user name and passwrd ..what will be problem..?
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The element is named "security-constraint", not "security-constraints" - there is an extra "s" at the end.
 
Micheal John
Ranch Hand
Posts: 344
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have changed the security-constraints to security-constraint.. but still it's not working. and why at deploy time it doesn't show the error in the web.xml?
 
Micheal John
Ranch Hand
Posts: 344
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
any help regaring this post..?
 
Jesus Angeles
Ranch Hand
Posts: 2068
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is SCWCD your context root?

I think you dont have to include it in the url pattern.

Try /* instead of /SCWCD/*
 
Satya Maheshwari
Ranch Hand
Posts: 368
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Do you have any resource mapped to the URL pattern "/SCWCD/*"? If yes, it should be secured. I think you aim to secure all resources in the webapp. If yes, I think you should be using "/* " instead as suggested earlier.
 
Micheal John
Ranch Hand
Posts: 344
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Jesus Angeles,Satya Maheshwari.. Now it's working...

But if I want to constraint the particular resource (JSP/Servlet)..how can I do it?
Whether it will be like this: (for particular servlet)
/SCWCD/WEB-INF/classes/com/example/web/SampleServlet.java

(for all servlets)
/SCWCD/WEB-INF/classes/com/example/web/*

I have tried Just now the following: I have the jsp for the application form filling:

I want to constraint this JSP.. which at web-apps\SCWCD\ApplnForm.jsp

I have given the url-pattern as /SCWCD/*, whether it is correct?

And also whether we can constraint any files JSP/HTML/JAVA/XML.. or we can constraint only servlets.. because it's associate with http methods?
[ January 16, 2007: Message edited by: Micheal John ]
 
Jesus Angeles
Ranch Hand
Posts: 2068
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
An unsolicited advice: if you havent completed the head first book, continue it first. Some of the issues you are having would be answered as you read the book.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic