Authentication in web-app Security

 
Maneessh saxena
Ranch Hand
Posts: 125
Hi Great Ranchers,

I've a query regarding enabling security....

I am using Apache Tomcat 6.0.14. I put entries in "tomcat-users.xml" as shown ...

-----------------------------------------------------------------------------------
"tomcat-users.xml"


<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="admin"/>
  <user username="Maneesh" password="jaisairam" roles="admin"/>
</tomcat-users>

-----------------------------------------------------------------------------------

Then I wrote web.xml as shown....



-----------------------------------------------------------------------------------
"web.xml"


<login-config>
  <auth-method>BASIC</auth-method>
</login-config>

<security-role>
  <role-name>admin</role-name>
</security-role>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>SomeResource</web-resource-name>
    <url-pattern>/com/mine/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<servlet>
  <description></description>
  <display-name>ControllerServ</display-name>
  <servlet-name>ControllerServ</servlet-name>
  <servlet-class>com.mine.ControllerServ</servlet-class>
</servlet>

<servlet-mapping>
  <servlet-name>ControllerServ</servlet-name>
  <url-pattern>/ControllerServ</url-pattern>
</servlet-mapping>




-----------------------------------------------------------------------------------

Now this is the restricted resource, as shown ... a simple servlet



package com.mine;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ControllerServ extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public ControllerServ() {
        super();
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // Some Code
    }

    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // Some Code
    }
}

-----------------------------------------------------------------------------------

I was expecting a login page asking for username & password when I try to access ControllerServ. But in spite of accessing a constrained resource, the container is not asking me for any authentication (username & password). Please let me know where I am making a mistake.

Thanks & Regards
Maneesh Saxena
 
Satya Maheshwari
Ranch Hand
Posts: 368
The security constraint is applied on the url pattern
<url-pattern>/com/mine/*</url-pattern>
and the url-pattern of the servlet is
<url-pattern>/ControllerServ</url-pattern>

The url-pattern of the servlet should lie within the defined patterns in security constraints in order to get the constraint applied on that servlet.
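
The mismatch described in the answer above can be checked mechanically. The following is an added example, not code from the thread or from Tomcat: a small audit script that applies the servlet url-pattern matching rules to a web.xml and reports servlet mappings that no auth-constraint covers. The function names and the embedded sample are assumptions made for illustration, and the script ignores the spec's precedence rules between multiple overlapping constraints.

```python
import xml.etree.ElementTree as ET

# Constructed sample (no XML namespace): the constraint and mapping from the question.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/com/mine/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <servlet-mapping>
    <servlet-name>ControllerServ</servlet-name>
    <url-pattern>/ControllerServ</url-pattern>
  </servlet-mapping>
</web-app>"""

def pattern_matches(pattern, path):
    """Servlet url-pattern rules: path prefix (/x/*), extension (*.x), else exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return path == pattern

def load_constraints(xml_text):
    """(url patterns, listed methods) for each collection guarded by an auth-constraint."""
    out = []
    for sc in ET.fromstring(xml_text).iter("security-constraint"):
        if sc.find("auth-constraint") is not None:
            for wrc in sc.iter("web-resource-collection"):
                out.append(([p.text.strip() for p in wrc.iter("url-pattern")],
                            {m.text.strip().upper() for m in wrc.iter("http-method")}))
    return out

def is_protected(xml_text, path, method):
    """True if an auth-constraint covers path and method (no listed methods = all)."""
    return any(
        any(pattern_matches(p, path) for p in patterns)
        and (not methods or method.upper() in methods)
        for patterns, methods in load_constraints(xml_text)
    )

def unprotected_mappings(xml_text, method="GET"):
    """Servlet-mapping url-patterns that no auth-constraint covers for this method."""
    root = ET.fromstring(xml_text)
    mapped = [m.findtext("url-pattern").strip() for m in root.iter("servlet-mapping")]
    return [p for p in mapped if not is_protected(xml_text, p, method)]
```

Run against the question's configuration, `unprotected_mappings(WEB_XML)` returns `["/ControllerServ"]`. Because the constraint lists `<http-method>` elements, it applies only to GET and POST; omitting them makes the constraint cover every method.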
 
Maneessh saxena
Ranch Hand
Posts: 125
Thanks Satya .....

I got your point .....

Best Regards
 