| Author |
security web application
|
Engin Okucu
Ranch Hand
Joined: Feb 09, 2002
Posts: 174
|
|
I have a servlet named as follows:

    <servlet>
      <servlet-name>data</servlet-name>
      <servlet-class>DatabaseServlet</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>data</servlet-name>
      <url-pattern>/data</url-pattern>
    </servlet-mapping>

I access my servlet by writing http://localhost/base/data and I get my login.html because it is secured, but when I write http://localhost/base/servlet/data I directly access my servlet. I want to know what I must do so that I also get the login.html before accessing the servlet. Thanks
|
 |
Kyle Brown
author
Ranch Hand
Joined: Aug 10, 2001
Posts: 3879
|
|
We're going to need a lot more to go on. For instance, what application server are you using? Can you show us the entire web.xml and not just this snippet? Kyle
|
Kyle Brown, Author of Persistence in the Enterprise and Enterprise Java Programming with IBM Websphere, 2nd Edition
See my homepage at http://www.kyle-brown.com/ for other WebSphere information.
|
 |
Engin Okucu
Ranch Hand
Joined: Feb 09, 2002
Posts: 174
|
|
Thanks. Here is the code:

    <web-app>
      <servlet>
        <servlet-name>data</servlet-name>
        <servlet-class>DatabaseServlet</servlet-class>
        <init-param>
          <param-name>driver</param-name>
          <param-value>interbase.interclient.Driver</param-value>
        </init-param>
        <init-param>
          <param-name>protocol</param-name>
          <param-value>jdbc:interbase://localhost/c:/ecole/sgbdr/SPJ_2001.gdb</param-value>
        </init-param>
      </servlet>
      <servlet-mapping>
        <servlet-name>data</servlet-name>
        <url-pattern>/data</url-pattern>
      </servlet-mapping>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>base</web-resource-name>
          <description>Recherche dans ma base de données</description>
          <url-pattern>/data</url-pattern>
          <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
          <description>Base Administrator</description>
          <role-name>baseAdmin</role-name>
        </auth-constraint>
        <user-data-constraint>
          <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
      <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <form-login-page>/login.html</form-login-page>
          <form-error-page>/error.html</form-error-page>
        </form-login-config>
      </login-config>
      <security-role>
        <description>Registered customer</description>
        <role-name>baseAdmin</role-name>
      </security-role>
    </web-app>

Thank you for replying.
|
 |
Asher Tarnopolski
Ranch Hand
Joined: Jul 28, 2001
Posts: 260
|
|
If I remember right, the security constraint works only if you use a mapped path, and not the relative URL of the servlet. So you need to disable the user's ability to enter your servlets via the .../servlet/... path (you can map /servlet to a page which will say that direct entry is disabled). All this in case I remember this topic right.
|
Asher Tarnopolski
SCJP,SCWCD
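
Added example, not written by any poster in this thread: a variant of the web.xml posted above in which the same security constraint also covers the invoker path, so that both URLs lead to login.html first. It assumes the container serves servlets by name under /servlet/*, as the URL in the question suggests; the init-param entries are unchanged from the posted file and not repeated here.

```xml
<web-app>
  <servlet>
    <servlet-name>data</servlet-name>
    <servlet-class>DatabaseServlet</servlet-class>
    <!-- init-param entries as in the posted file -->
  </servlet>
  <servlet-mapping>
    <servlet-name>data</servlet-name>
    <url-pattern>/data</url-pattern>
  </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>base</web-resource-name>
      <!-- The mapped path, protected in the posted file. -->
      <url-pattern>/data</url-pattern>
      <!-- Added: the invoker path (assumed to be /servlet/*), so that
           /servlet/data and /servlet/DatabaseServlet fall under the
           same constraint instead of bypassing it. -->
      <url-pattern>/servlet/*</url-pattern>
      <!-- The http-method element is left out on purpose: with no
           method listed, the constraint applies to every HTTP method,
           not only to GET as in the posted file. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>baseAdmin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- NONE as posted; CONFIDENTIAL would require HTTPS, which
           keeps the form login credentials off the clear channel. -->
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/error.html</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>baseAdmin</role-name>
  </security-role>
</web-app>
```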
|
 |
Engin Okucu
Ranch Hand
Joined: Feb 09, 2002
Posts: 174
|
|
Asher, thank you. Is it possible to do a mapping to 'http://localhost/base/servlet/data'? How can I do a mapping so that the user gets the login.html?
|
 |
Younes Essouabni
Ranch Hand
Joined: Jan 13, 2002
Posts: 479
|
|
I think that you may use a variable in your session. Once you are logged in, you set the variable to true (if the login is correct, of course). Every time you access a resource, you must first check if your variable is set to true; if not, you redirect to login.html, else you continue your business logic. I think there is a way there. Good luck Engin
|
Younes
By constantly trying one ends up succeeding. Thus: the more one fails the more one has a chance to succeed.
|
 |
Asher Tarnopolski
Ranch Hand
Joined: Jul 28, 2001
Posts: 260
|
|
hey pal, read this stuff. http://developer.java.sun.com/developer/Books/javaserverpages/servlets_javaserver/servlets_javaserver05.pdf
|
 |
Engin Okucu
Ranch Hand
Joined: Feb 09, 2002
Posts: 174
|
|
Thank you Asher and Younes (what a killerrrr, this guy)
|
 |
Younes Essouabni
Ranch Hand
Joined: Jan 13, 2002
Posts: 479
|
|
Great link Asher, Thx
|
 |