security related web.xml elements - small tips

Joe Harry
Ranch Hand

Joined: Sep 26, 2006
Posts: 9383

Hi guys,

Here's a simple way to remember the 3 big elements of the web.xml related to security:

<security-constraint>
1) It identifies what resource we are securing...<web-resource-collection>
2) What roles can access the resource...<auth-constraint>
3) How the resource is to be transmitted across the network...<user-data-constraint>

<login-config>
1) It defines what authentication mechanism is to be used...<auth-method>

<security-role>
1) It catalogs any security roles in use by the web application...<role-name>

Hope this helps for newbies!
[ April 13, 2007: Message edited by: Jothi Shankar Kumar Sankararaj ]

SCJP 1.4, SCWCD 1.4 - Hints for you, Certified Scrum Master
Did a rm -R / to find out that I lost my entire Linux installation!
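The three elements from the post above, nested the way a Servlet 2.4 deployment descriptor expects them. This is an added example, not part of the original post; the URL pattern, role name and login page paths are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: constructed web.xml. /admin/*, "admin" and the JSP paths are hypothetical. -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

  <security-constraint>
    <!-- 1) WHAT is secured -->
    <web-resource-collection>
      <web-resource-name>Admin area</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <!-- No <http-method> listed, so the constraint applies to every HTTP method.
           Listing only GET and POST would leave the other methods unconstrained. -->
    </web-resource-collection>

    <!-- 2) WHO may access it. Omitting <auth-constraint> means no authentication
         is required; an empty <auth-constraint/> denies access to everyone. -->
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>

    <!-- 3) HOW it travels. CONFIDENTIAL makes the container require a protected
         transport (in practice HTTPS); NONE and INTEGRAL are the other values. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Authentication mechanism: BASIC, DIGEST, FORM or CLIENT-CERT.
       FORM posts the password as ordinary request parameters, so pair it
       with CONFIDENTIAL as above. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Every role named in an <auth-constraint> is declared here -->
  <security-role>
    <role-name>admin</role-name>
  </security-role>
</web-app>
```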
Joe Harry
Ranch Hand

Joined: Sep 26, 2006
Posts: 9383

The reason I posted this is that I never worked with security; it is our deployers who do all this, and many times I found it hard to remember all the sub-elements and so on. Now, after knowing it the way above, I'm able to remember it always without any error. This will definitely help me in the exam...
Neo Phesus
Ranch Hand

Joined: Feb 22, 2007
Posts: 71
Hi Jothi Sankar,

If I am not deviating from the objective of this post, I would like to know: for form-based authentication, how could I authenticate a user from the list of user name and password credentials in the database without using the Tomcat users XML file?

I am pretty new to this, so there may be lots of loopholes even in my question, or the question itself may be silly.

Thanks for your time.

Regards
[ April 15, 2007: Message edited by: Neo Phesus ]

Neo
CCNA, SCJP 1.5, SCWCD 1.4
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687

You will have to refer to the documentation of your container.
The following wiki gives you links to the relevant pages:
http://jspwiki.org/wiki/TomcatAuthentication


[My Blog]
All roads lead to JavaRanch
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41867
Neo,

what you're looking for is either a JDBCRealm or a DataSourceRealm. (Note that the page Satou linked to talks about JspWiki integration with Tomcat, so there's some stuff that wouldn't apply to your web app.)

The Tomcat FAQ has a section on container-based authentication.
[ April 15, 2007: Message edited by: Ulf Dittmer ]

Ping & DNS - my free Android networking tools app
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687

"(Note that the page Satou linked to talks about JspWiki integration with Tomcat, so there's some stuff that wouldn't apply to your web app.)"

True. I was only pointing to the links on that page. I paste them here for clarification (which I should have done in the first post):
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/realm.html
Neo Phesus
Ranch Hand

Joined: Feb 22, 2007
Posts: 71
Thank you Ulf and Satou

Man, I love this forum
 