
security web application

 
Engin Okucu
Ranch Hand
Posts: 174
I have a servlet named as follows:
<servlet>
<servlet-name>data</servlet-name>
<servlet-class>DatabaseServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>data</servlet-name>
<url-pattern>/data</url-pattern>
</servlet-mapping>
I access my servlet by writing http://localhost/base/data and I get my login.html because it is secured, but when I write http://localhost/base/servlet/data I access my servlet directly. I want to know what I must do so that I also get login.html before accessing the servlet. Thanks
 
Kyle Brown
author
Ranch Hand
Posts: 3892
We're going to need a lot more to go on. For instance, what application server are you using? Can you show us the entire web.xml and not just this snippet?
Kyle
 
Engin Okucu
Ranch Hand
Posts: 174
Thanks. Here is the code:
<web-app>
<servlet>
<servlet-name>data</servlet-name>
<servlet-class>DatabaseServlet</servlet-class>
<init-param>
<param-name>driver</param-name>
<param-value>interbase.interclient.Driver</param-value>
</init-param>
<init-param>
<param-name>protocol</param-name>
<param-value>jdbc:interbase://localhost/c:/ecole/sgbdr/SPJ_2001.gdb</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>data</servlet-name>
<url-pattern>/data</url-pattern>
</servlet-mapping>


<security-constraint>
<web-resource-collection>
<web-resource-name>base</web-resource-name>
<description>Recherche dans ma base de données</description>
<url-pattern>/data</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>Base Administrator</description>
<role-name>baseAdmin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Registered customer</description>
<role-name>baseAdmin</role-name>
</security-role>
</web-app>
Thank you for replying.
 
Asher Tarnopolski
Ranch Hand
Posts: 260
If I remember right, the security constraint works only if you use a mapped path, and not the relative URL of the servlet.
So you need to disable the user's ability to enter your servlets via the .../servlet/... path
(you can map /servlet to a page which will say that direct entry is disabled).
All this in case I remember this topic right.
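Why the /servlet/data URL skips the login page, as an added example that is not part of any post in this thread: a security-constraint covers only requests whose path matches its url-pattern and, when http-method is listed, only those methods. The Python check below applies the servlet specification's url-pattern matching to a cut-down copy of the posted constraint and goes one step beyond the thread by also testing POST; the function names and the list of paths are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the thread's security-constraint, cut down to what decides coverage.
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>base</web-resource-name>
    <url-pattern>/data</url-pattern>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>baseAdmin</role-name></auth-constraint>
</security-constraint></web-app>"""

def match_rank(pattern, path):
    """Specificity of a servlet-spec url-pattern match; 0 means no match."""
    if pattern == path:
        return 1 << 30                        # exact match always wins
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        hit = path == prefix or path.startswith(prefix + "/")
        return 3 + len(prefix) if hit else 0  # longest prefix wins
    if pattern.startswith("*."):
        return 2 if path.endswith(pattern[1:]) else 0
    return 1 if pattern == "/" else 0         # default mapping

def required_roles(web_xml, path, method):
    """Roles needed for (path, method); None means no login is demanded."""
    hits = []
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        auth = sc.find("auth-constraint")
        roles = None if auth is None else {r.text.strip() for r in auth.iter("role-name")}
        for coll in sc.iter("web-resource-collection"):
            methods = {m.text.strip() for m in coll.iter("http-method")}
            rank = max((match_rank(p.text.strip(), path)
                        for p in coll.iter("url-pattern")), default=0)
            if rank:
                hits.append((rank, methods, roles))
    best = max((rank for rank, _, _ in hits), default=0)
    # Only the best-matching pattern counts; naming methods exempts the others.
    found = [r for rank, ms, r in hits if rank == best and (not ms or method in ms)]
    if not found or (None in found and set() not in found):
        return None
    return set() if set() in found else set().union(*found)

def unprotected(web_xml, paths, methods=("GET", "POST")):
    """(path, method) pairs that reach a servlet without any role check."""
    return [(p, m) for p in paths for m in methods
            if required_roles(web_xml, p, m) is None]

print(unprotected(WEB_XML, ["/data", "/servlet/data"]))
```

With `<url-pattern>/servlet/*</url-pattern>` added to the collection and `<http-method>` removed, the same call returns an empty list.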
 
Engin Okucu
Ranch Hand
Posts: 174
Asher, thank you.
Is it possible to do a mapping to 'http://localhost/base/servlet/data'?
How can I do a mapping so that the user gets the login.html?
 
Younes Essouabni
Ranch Hand
Posts: 479
I think that you may use a variable in your session. Once you are logged in, you set the variable to true (if the login is correct, of course). Every time you access a resource, you must first check whether your variable is set to true; if not, you redirect to login.html, else you continue your business logic.
I think there is a way by there.
Good luck Engin
 
Asher Tarnopolski
Ranch Hand
Posts: 260
hey pal,
read this stuff.
http://developer.java.sun.com/developer/Books/javaserverpages/servlets_javaserver/servlets_javaserver05.pdf
 
Engin Okucu
Ranch Hand
Posts: 174
Thank you Asher and Younes (what a killer, this guy)
 
Younes Essouabni
Ranch Hand
Posts: 479
Great link Asher, Thx
 