This week's book giveaway is in the Design forum.
We're giving away four copies of Design for the Mind and have Victor S. Yocco on-line!
See this thread for details.
Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Problem with enforcing security in web-app

 
Varun Nayudu
Ranch Hand
Posts: 159
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i am trying to enforce security in my web application.the basic structure is as follows:
web-app -> MyExample1(my app name) -> web.xml and classes(folder)

tomcat-user.xml:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="admin" password="" roles="admin,manager"/>
</tomcat-users>
---------------------------------------------------------------------
web.xml:-

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
web-app_2_4.xsd" version="2.4">

<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>

<login-config>
<auth-method>BASIC</auth-method>
</login-config>

<security-role>
<role-name>role1</role-name>
</security-role>

<security-constraint>
<web-resource-collection>
<web-resource-name>Mee</web-resource-name>
<url-pattern>/serv.do</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>role1</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

<servlet>
<servlet-name>ser</servlet-name>
<servlet-class>com.web.serv</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>ser</servlet-name>
<url-pattern>/serv.do</url-pattern>
</servlet-mapping>

</web-app>
-----------------------------------------------------------------------

only one servlet is used and i want to restrict access to it depending on the user's. But i am not getting and prompt for username and password instead it is showing "Internet cannot display the webpage"

please tell if i have missed any thing or done any thing incorrectly.
Why am i not getting any prompt for username and password.
Please let me know...
 
Varun Nayudu
Ranch Hand
Posts: 159
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
sorry i incorrectly structured the web app it like this

web-app -> MyExample1 -> WEB-INF ->web.xml and classes
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
please remove below one from your security-constraint



if you want to include this,you need to get certificate to activate https protocal.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic