File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes security web application Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "security web application" Watch "security web application" New topic
Author

security web application

Engin Okucu
Ranch Hand

Joined: Feb 09, 2002
Posts: 174
i have a servlet named as follow :
<servlet>
<servlet-name>data</servlet-name>
<servlet-class>DatabaseServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>data</servlet-name>
<url-pattern>/data</url-pattern>
</servlet-mapping>
I access my servlet by writing : http://localhost/base/data and i get my login.html because it is with security but when i write http://localhost/base/servlet/data i directly access my servlet. I want to know what must i do so that i also get the login.html before accessing to the servlet . Thanks
Kyle Brown
author
Ranch Hand

Joined: Aug 10, 2001
Posts: 3892
    
    5
We're going to need a lot more to go on. For instance, what application server are you using? Can you show us the entire web.xml and not just this snippet?
Kyle


Kyle Brown, Author of Persistence in the Enterprise and Enterprise Java Programming with IBM Websphere, 2nd Edition
See my homepage at http://www.kyle-brown.com/ for other WebSphere information.
Engin Okucu
Ranch Hand

Joined: Feb 09, 2002
Posts: 174
Thanks. Here is the code :
<web-app>
<servlet>
<servlet-name>data</servlet-name>
<servlet-class>DatabaseServlet</servlet-class>
<init-param>
<param-name>driver</param-name>
<param-value>interbase.interclient.Driver</param-value>
</init-param>
<init-param>
<param-name>protocol</param-name>
<param-value>jdbc:interbase://localhost/c:/ecole/sgbdr/SPJ_2001.gdb</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>data</servlet-name>
<url-pattern>/data</url-pattern>
</servlet-mapping>


<security-constraint>
<web-resource-collection>
<web-resource-name>base</web-resource-name>
<description>Recherche dans ma base de donn�es</description>
<url-pattern>/data</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>Base Administrator</description>
<role-name>baseAdmin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Registered customer</description>
<role-name>baseAdmin</role-name>
</security-role>
</web-app>
Thank you for replying.
Asher Tarnopolski
Ranch Hand

Joined: Jul 28, 2001
Posts: 260
if i remember right, the security constraint works only if you use a mapped path, and not the relative url of the servlet.
so, you need to desable a user's possibility to enter your servlets via .../servlet/... path.
(you can map /servlet to a page wchich will say that direct entry is disabled).
all this in case i remember this topic right


Asher Tarnopolski
SCJP,SCWCD
Engin Okucu
Ranch Hand

Joined: Feb 09, 2002
Posts: 174
Asher thank you.
Is it possible to do a mapping to'http://localhost/base/servlet/data' .
How can i do a mapping so that the user gets the login.html ?
Younes Essouabni
Ranch Hand

Joined: Jan 13, 2002
Posts: 479
I think that you may use a variable in your session. Once you are logged, you set the variable to true (if the login is correct, of course). Every time that you access a ressource, you must first check if your variable is set to true, if not you redirect to login.html, else you continue your business logic.
I think there is a way by there.
Good luck Engin


Younes
By constantly trying one ends up succeeding. Thus: the more one fails the more one has a chance to succeed.
Asher Tarnopolski
Ranch Hand

Joined: Jul 28, 2001
Posts: 260
hey pal,
read this stuff.
http://developer.java.sun.com/developer/Books/javaserverpages/servlets_javaserver/servlets_javaserver05.pdf
Engin Okucu
Ranch Hand

Joined: Feb 09, 2002
Posts: 174
thank you Ahser and Younes(quel tueurrrr ce gar�on )
Younes Essouabni
Ranch Hand

Joined: Jan 13, 2002
Posts: 479
Great link Asher, Thx
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: security web application
 
Similar Threads
web.xml url-pattern wildcards?
Servlet Mapping and <url-pattern>
Path Not Reaching Servlet
Problem with FORM authentication method
Form-based Security