wood burning stoves*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Security Problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Security Problem" Watch "Security Problem" New topic
Author

Security Problem

Micheal John
Ranch Hand

Joined: Nov 01, 2006
Posts: 344
I am trying out the some examples on security chapter in HFSJ:

What has to given in the <url-pattern> of the <security-constraint>?
My web appln folder structure:


In the <url-pattern>, I have given <url-pattern>/SCWCD/*</url-pattern>..sso all the resources are constrained.. whether it is correct or we have to use the url-pattern in the servlet mapping thing here?

I am not getting the alert for user name and password, although I have used <login-auth>BASIC</login-auth>.. why..?

Below is my coding:

tomcat-users.xml


web.xml


Whether by using <login-auth>BASIC</login-auth> will automatically asks for username and password, if we are trying to call the contrainted resources.. I given all the resources under SCWCD to be constrainted..but still I din't get the alert for user name and passwrd ..what will be problem..?


Micheal John
SCJP 1.4 (86%), SCWCD 1.4 (86%), SCBCD 1.3 (85%), SCDJWS (Just Started...) - Satisfaction Lies in Our EFFORT, Not in the ATTAINMENT
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41123
    
  45
The element is named "security-constraint", not "security-constraints" - there is an extra "s" at the end.


Ping & DNS - my free Android networking tools app
Micheal John
Ranch Hand

Joined: Nov 01, 2006
Posts: 344
I have changed the security-constraints to security-constraint.. but still it's not working. and why at deploy time it doesn't show the error in the web.xml?
Micheal John
Ranch Hand

Joined: Nov 01, 2006
Posts: 344
any help regaring this post..?
Jesus Angeles
Ranch Hand

Joined: Feb 26, 2005
Posts: 2049
Is SCWCD your context root?

I think you dont have to include it in the url pattern.

Try /* instead of /SCWCD/*
Satya Maheshwari
Ranch Hand

Joined: Jan 01, 2007
Posts: 368
Do you have any resource mapped to the URL pattern "/SCWCD/*"? If yes, it should be secured. I think you aim to secure all resources in the webapp. If yes, I think you should be using "/* " instead as suggested earlier.


Thanks and Regards
Micheal John
Ranch Hand

Joined: Nov 01, 2006
Posts: 344
Thanks Jesus Angeles,Satya Maheshwari.. Now it's working...

But if I want to constraint the particular resource (JSP/Servlet)..how can I do it?
Whether it will be like this: (for particular servlet)
/SCWCD/WEB-INF/classes/com/example/web/SampleServlet.java

(for all servlets)
/SCWCD/WEB-INF/classes/com/example/web/*

I have tried Just now the following: I have the jsp for the application form filling:

I want to constraint this JSP.. which at web-apps\SCWCD\ApplnForm.jsp

I have given the url-pattern as /SCWCD/*, whether it is correct?

And also whether we can constraint any files JSP/HTML/JAVA/XML.. or we can constraint only servlets.. because it's associate with http methods?
[ January 16, 2007: Message edited by: Micheal John ]
Jesus Angeles
Ranch Hand

Joined: Feb 26, 2005
Posts: 2049
An unsolicited advice: if you havent completed the head first book, continue it first. Some of the issues you are having would be answered as you read the book.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Security Problem
 
Similar Threads
Unable to access the servlet even on entering username/password set in tomcat-users.xml
need help in security-constraint
Combining Security Constraints
Problem with security constraints while doing authentication & authorization
Basic Authentication Does Not Work Properly