
Roles and access Servlets, Jsp in Tomcat

 
carina caoor
Ranch Hand
Posts: 300
Eclipse IDE Oracle Tomcat Server
Hi, in my project I want to set the user roles. I have admin, superuser, user, where user can simply view data, superuser can modify data, admin can add users. In my web.xml I added
[code]
<security-constraint>
    <web-resource-collection>
        <web-resource-name>user</web-resource-name>
        <url-pattern>/user/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>superuser</web-resource-name>
        <url-pattern>/superuser/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>superuser</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>admin</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<security-role>
    <role-name>user</role-name>
</security-role>
<security-role>
    <role-name>superuser</role-name>
</security-role>
<security-role>
    <role-name>admin</role-name>
</security-role>

<servlet>
    <servlet-name>ViewPlotInformation</servlet-name>
    <jsp-file>/ViewPlotInformation.jsp</jsp-file>
</servlet>

<servlet-mapping>
    <servlet-name>ViewPlotInformation</servlet-name>
    <url-pattern>/user/ViewPlotInformation</url-pattern>
</servlet-mapping>
[/code]

Also in my tomcat-users.xml I added

[code]
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
    <role rolename="user"/>
    <role rolename="tomcat"/>
    <role rolename="standard"/>
    <role rolename="manager"/>
    <role rolename="admin"/>
    <role rolename="superuser"/>
    <user username="Ajman" password="ajman" roles="user"/>
    <user username="ruquia" password="tabassum" roles="admin,standard,manager"/>
    <user username="tomcat" password="tomcat" roles="tomcat"/>
    <user username="aspcl" password="aspcl" roles="superuser"/>
    <user username="admin" password="admin" roles="admin"/>
</tomcat-users>
[/code]

But when I log in as Ajman I should see the page ViewPlotInformation, but it is not showing me this page; it's showing me the whole application.
Can anyone help me out with this? I am confused by these access roles.
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
I'm not quite clear on what you're asking. The user/role/login stuff does not determine which page is shown to a user. All it does is to determine whether a particular page - which the user is trying to access - should or should not be shown to him. Maybe there's something screwy about the logic that determines which page to show?
 