aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Security Problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Security Problem" Watch "Security Problem" New topic
Author

Security Problem

Micheal John
Ranch Hand

Joined: Nov 01, 2006
Posts: 344
I am trying out the some examples on security chapter in HFSJ:

What has to given in the <url-pattern> of the <security-constraint>?
My web appln folder structure:


In the <url-pattern>, I have given <url-pattern>/SCWCD/*</url-pattern>..sso all the resources are constrained.. whether it is correct or we have to use the url-pattern in the servlet mapping thing here?

I am not getting the alert for user name and password, although I have used <login-auth>BASIC</login-auth>.. why..?

Below is my coding:

tomcat-users.xml


web.xml


Whether by using <login-auth>BASIC</login-auth> will automatically asks for username and password, if we are trying to call the contrainted resources.. I given all the resources under SCWCD to be constrainted..but still I din't get the alert for user name and passwrd ..what will be problem..?


Micheal John
SCJP 1.4 (86%), SCWCD 1.4 (86%), SCBCD 1.3 (85%), SCDJWS (Just Started...) - Satisfaction Lies in Our EFFORT, Not in the ATTAINMENT
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42935
    
  68
The element is named "security-constraint", not "security-constraints" - there is an extra "s" at the end.
Micheal John
Ranch Hand

Joined: Nov 01, 2006
Posts: 344
I have changed the security-constraints to security-constraint.. but still it's not working. and why at deploy time it doesn't show the error in the web.xml?
Micheal John
Ranch Hand

Joined: Nov 01, 2006
Posts: 344
any help regaring this post..?
Jesus Angeles
Ranch Hand

Joined: Feb 26, 2005
Posts: 2061
Is SCWCD your context root?

I think you dont have to include it in the url pattern.

Try /* instead of /SCWCD/*
Satya Maheshwari
Ranch Hand

Joined: Jan 01, 2007
Posts: 368
Do you have any resource mapped to the URL pattern "/SCWCD/*"? If yes, it should be secured. I think you aim to secure all resources in the webapp. If yes, I think you should be using "/* " instead as suggested earlier.


Thanks and Regards
Micheal John
Ranch Hand

Joined: Nov 01, 2006
Posts: 344
Thanks Jesus Angeles,Satya Maheshwari.. Now it's working...

But if I want to constraint the particular resource (JSP/Servlet)..how can I do it?
Whether it will be like this: (for particular servlet)
/SCWCD/WEB-INF/classes/com/example/web/SampleServlet.java

(for all servlets)
/SCWCD/WEB-INF/classes/com/example/web/*

I have tried Just now the following: I have the jsp for the application form filling:

I want to constraint this JSP.. which at web-apps\SCWCD\ApplnForm.jsp

I have given the url-pattern as /SCWCD/*, whether it is correct?

And also whether we can constraint any files JSP/HTML/JAVA/XML.. or we can constraint only servlets.. because it's associate with http methods?
[ January 16, 2007: Message edited by: Micheal John ]
Jesus Angeles
Ranch Hand

Joined: Feb 26, 2005
Posts: 2061
An unsolicited advice: if you havent completed the head first book, continue it first. Some of the issues you are having would be answered as you read the book.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Security Problem