aspose file tools*
The moose likes Servlets and the fly likes Roles and access Servlets, Jsp in Tomcat Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Roles and access Servlets, Jsp in Tomcat" Watch "Roles and access Servlets, Jsp in Tomcat" New topic
Author

Roles and access Servlets, Jsp in Tomcat

carina caoor
Ranch Hand

Joined: Jun 23, 2007
Posts: 300

hi in my project i want to set the user roles i have admin, superuser, user where user can simply view data, superuser can modify data, admin can add users, in my web.xml I added
[code]
<security-constraint>
<web-resource-collection>
<web-resource-name>user</web-resource-name>
<url-pattern>/user/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>superuser</web-resource-name>
<url-pattern>/superuser/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>superuser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>admin</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

</security-constraint>

<security-role>
<role-name>user</role-name>
</security-role>
<security-role>
<role-name>superuser</role-name>
</security-role>
<security-role>
<role-name>admin</role-name>
</security-role>

<servlet>
<servlet-name>ViewPlotInformation</servlet-name>
<jsp-file>/ViewPlotInformation.jsp</jsp-file>
</servlet>

<servlet-mapping>
<servlet-name>ViewPlotInformation</servlet-name>
<url-pattern>/user/ViewPlotInformation</url-pattern>
</servlet-mapping>


also in my tomcat-users.xml i added

[code]

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="user"/>
<role rolename="tomcat"/>
<role rolename="standard"/>
<role rolename="manager"/>
<role rolename="admin"/>
<role rolename="superuser"/>
<user username="Ajman" password="ajman" roles="user"/>
<user username="ruquia" password="tabassum" roles="admin,standard,manager"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="aspcl" password="aspcl" roles="superuser"/>
<user username="admin" password="admin" roles="admin"/>
</tomcat-users>


But when i log in as Ajman i should see the page ViewPlotInformation but it not showing me this page its showing me the whole application.
Can anyone help me out in this, i am confused with this access roles.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41489
    
  53
I'm not quite clear on what you're asking. The user/role/login stuff does not determine which page is shown to a user. All it does it to determine whether a particular page -which the user is trying to access- should or should not be shown to him. Maybe there's something screwy about the logic that determines which page to show?


Ping & DNS - my free Android networking tools app
 
jQuery in Action, 2nd edition
 
subject: Roles and access Servlets, Jsp in Tomcat