Authentication in web-app Security

Maneessh saxena
Ranch Hand

Joined: Oct 03, 2006
Posts: 125
Hi Great Ranchers,

I've a query regarding enabling security....

I am using Apache Tomcat 6.0.14. I put entries in "tomcat-users.xml" as shown ...

-----------------------------------------------------------------------------------
"tomcat-users.xml"


<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="admin"/>
  <user username="Maneesh" password="jaisairam" roles="admin"/>
</tomcat-users>

-----------------------------------------------------------------------------------

Then I wrote web.xml as shown....



-----------------------------------------------------------------------------------
"web.xml"


<login-config>
  <auth-method>BASIC</auth-method>
</login-config>

<security-role>
  <role-name>admin</role-name>
</security-role>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>SomeResource</web-resource-name>
    <url-pattern>/com/mine/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<servlet>
  <description></description>
  <display-name>ControllerServ</display-name>
  <servlet-name>ControllerServ</servlet-name>
  <servlet-class>com.mine.ControllerServ</servlet-class>
</servlet>

<servlet-mapping>
  <servlet-name>ControllerServ</servlet-name>
  <url-pattern>/ControllerServ</url-pattern>
</servlet-mapping>

-----------------------------------------------------------------------------------

Now this is the restricted resource, as shown: a simple servlet.

package com.mine;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ControllerServ extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public ControllerServ() {
        super();
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Some Code
    }

    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Some Code
    }
}

-----------------------------------------------------------------------------------

I was expecting a login page asking for username & password when I try to access ControllerServ. But in spite of accessing a constrained resource, the container is not asking me for any authentication (username & password). Please let me know where I am making a mistake.

Thanks & Regards
Maneesh Saxena


SCJP 1.4, SCWCD 1.5
Satya Maheshwari
Ranch Hand

Joined: Jan 01, 2007
Posts: 368
The security constraint is applied on the url pattern
<url-pattern>/com/mine/*</url-pattern>
and the url-pattern of the servlet is
<url-pattern>/ControllerServ</url-pattern>

The url-pattern of the servlet should lie within the defined patterns in security constraints in order to get the constraint applied on that servlet.


Thanks and Regards
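
Added example, not part of the original posts and not Tomcat's own code: a security-constraint url-pattern is matched against the request path, so this audit sketch lists every servlet-mapping that no constraint pattern covers. The function names, the namespace-free `<web-app>` wrapper and the sample document (built from the fragments posted above) are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint and mapping from the post, wrapped in a root element.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SomeResource</web-resource-name>
      <url-pattern>/com/mine/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <servlet-mapping>
    <servlet-name>ControllerServ</servlet-name>
    <url-pattern>/ControllerServ</url-pattern>
  </servlet-mapping>
</web-app>"""


def pattern_matches(pattern, path):
    """Servlet-spec URL pattern match against a context-relative request path."""
    if pattern.endswith("/*"):               # path-prefix pattern
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):             # extension pattern
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    if pattern == "/":                       # default pattern
        return True
    return path == pattern                   # exact pattern


def unprotected_mappings(web_xml):
    """Return (servlet-name, url-pattern) pairs not covered by any security-constraint."""
    root = ET.fromstring(web_xml)
    protected = [p.text.strip() for p in root.findall(
        "security-constraint/web-resource-collection/url-pattern")]
    exposed = []
    for m in root.findall("servlet-mapping"):
        name = m.findtext("servlet-name").strip()
        url = m.findtext("url-pattern").strip()
        # Simplification: the mapping's own pattern is used as the sample request path.
        if not any(pattern_matches(p, url) for p in protected):
            exposed.append((name, url))
    return exposed


if __name__ == "__main__":
    print(unprotected_mappings(WEB_XML))
```

Changing the constraint's url-pattern to `/ControllerServ`, or mapping the servlet under `/com/mine/`, makes the returned list empty.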
Maneessh saxena
Ranch Hand

Joined: Oct 03, 2006
Posts: 125
Thanks Satya .....

I got your point .....

Best Regards
 