aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Problem with enforcing security in web-app Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Problem with enforcing security in web-app" Watch "Problem with enforcing security in web-app" New topic
Author

Problem with enforcing security in web-app

Varun Nayudu
Ranch Hand

Joined: Jun 26, 2006
Posts: 157
i am trying to enforce security in my web application.the basic structure is as follows:
web-app -> MyExample1(my app name) -> web.xml and classes(folder)

tomcat-user.xml:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="admin" password="" roles="admin,manager"/>
</tomcat-users>
---------------------------------------------------------------------
web.xml:-

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
web-app_2_4.xsd" version="2.4">

<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>

<login-config>
<auth-method>BASIC</auth-method>
</login-config>

<security-role>
<role-name>role1</role-name>
</security-role>

<security-constraint>
<web-resource-collection>
<web-resource-name>Mee</web-resource-name>
<url-pattern>/serv.do</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>role1</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

<servlet>
<servlet-name>ser</servlet-name>
<servlet-class>com.web.serv</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>ser</servlet-name>
<url-pattern>/serv.do</url-pattern>
</servlet-mapping>

</web-app>
-----------------------------------------------------------------------

only one servlet is used and i want to restrict access to it depending on the user's. But i am not getting and prompt for username and password instead it is showing "Internet cannot display the webpage"

please tell if i have missed any thing or done any thing incorrectly.
Why am i not getting any prompt for username and password.
Please let me know...


SCJP 1.5, SCWCD 1.5
Varun Nayudu
Ranch Hand

Joined: Jun 26, 2006
Posts: 157
sorry i incorrectly structured the web app it like this

web-app -> MyExample1 -> WEB-INF ->web.xml and classes
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

please remove below one from your security-constraint



if you want to include this,you need to get certificate to activate https protocal.
 
wood burning stoves
 
subject: Problem with enforcing security in web-app
 
Similar Threads
Authentication and Authorization implementation using DD Problem
web security not working as expected,
Problem While Enabling Authentication
Regarding Authentication & Authorization
security constraint - not working