
Web.xml - ByPass security

 
twinkle desai
Greenhorn
Posts: 9
What are the steps to consider when one needs to bypass security in a web application?

Any help would be greatly appreciated.

Thanks in advance for help...
 
Ulf Dittmer
Rancher
Posts: 42967
What do you mean by "bypass security"? What kind of security? And are you trying to bypass it, or are you trying to prevent that?
 
twinkle desai
Greenhorn
Posts: 9
What I meant is I do not want login info in order to access the webapp.
 
Bauke Scholtz
Ranch Hand
Posts: 2458
Are you asking this from the perspective of the client or the server? If the client, then that's not possible (if the web application is well designed). If the server, then just disable it.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64833
twinkle desai wrote: What I meant is I do not want login info in order to access the webapp.

Then don't add any. There is no authentication unless you set it up so.
 
twinkle desai
Greenhorn
Posts: 9
<?xml version="1.0" encoding="UTF-8"?>


<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">

<web-app>

<context-param>
<param-name>weblogic.servlet.reloadCheckSecs</param-name>
<param-value>0</param-value>
</context-param>

<context-param>
<param-name>weblogic.jsp.compile</param-name>
<param-value>javac</param-value>
</context-param>

<context-param>
<param-name>weblogic.jsp.keepgenerated</param-name>
<param-value>true</param-value>
</context-param>

<servlet>
<servlet-name>ContractsController</servlet-name>
<display-name>ContractsController</display-name>
<servlet-class>
com.hns.claims.apps.cam.controller.ContractsController
</servlet-class>
</servlet>

<!-- url-pattern values must begin with "/" (or "*."); as posted they lacked
     the slash and so did not match the "/home" style patterns that the
     security-constraints further down use for the same resources. -->
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/home</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/simple_search</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/search</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/search_list</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/admin</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/clist</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/new_contract</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/insert_contract</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/modify_contract</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/update_contract</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/error</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/set_upload</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/run_upload</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/get_act_contracts</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/get_prod_codes</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/main_new_contract</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/main_search</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/main_reports</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/report_criteria</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/report_result</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/report_result_excel</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/mass_upd_template</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/update_confirmation</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/copy_confirmation</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/confirmation</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/mass_update</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/mass_copy</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/mass_update_commit</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/mass_copy_commit</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/mass_update_result</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/return_search_list</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/update_new_amend</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/delete_contract</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/rate_update</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/new_rate_update</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/contract_question</url-pattern>
</servlet-mapping>


<session-config>
<session-timeout>30</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>Index.jsp</welcome-file>
</welcome-file-list>
<!-- taglib-uri is matched literally against the uri in the JSP taglib
     directive; the surrounding quote characters that were inside the
     element as posted would have become part of that string. -->
<taglib>
<taglib-uri>http://java.sun.com/regions</taglib-uri>
<taglib-location>/WEB-INF/tlds/regions.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>http://java.sun.com/iterator</taglib-uri>
<taglib-location>/WEB-INF/tlds/iterator.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>conditional</taglib-uri>
<taglib-location>/WEB-INF/tlds/conditional.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>http://java.sun.com/hnsforms</taglib-uri>
<taglib-location>/WEB-INF/tlds/hnsforms.tld</taglib-location>
</taglib>

<security-constraint>
<web-resource-collection>
<web-resource-name>home</web-resource-name>
<description></description>
<url-pattern>/home</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>simple_search</web-resource-name>
<description></description>
<url-pattern>/simple_search</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>search</web-resource-name>
<description></description>
<url-pattern>/search</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>search_list</web-resource-name>
<description></description>
<url-pattern>/search_list</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>clist</web-resource-name>
<description></description>
<url-pattern>/clist</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>modify_contract</web-resource-name>
<description></description>
<url-pattern>/modify_contract</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>main_search</web-resource-name>
<description></description>
<url-pattern>/main_search</url-pattern>
</web-resource-collection>

<auth-constraint>
<role-name>contracts_guest</role-name>
<role-name>contracts_admin</role-name>
<role-name>contracts</role-name>
</auth-constraint>
</security-constraint>


<security-constraint>
<web-resource-collection>
<web-resource-name>new_contract</web-resource-name>
<description></description>
<url-pattern>/new_contract</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>insert_contract</web-resource-name>
<description></description>
<url-pattern>/insert_contract</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>update_contract</web-resource-name>
<description></description>
<url-pattern>/update_contract</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>error</web-resource-name>
<description></description>
<url-pattern>/error</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>main_new_contract</web-resource-name>
<description></description>
<url-pattern>/main_new_contract</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>main_reports</web-resource-name>
<description></description>
<url-pattern>/main_reports</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>report_criteria</web-resource-name>
<description></description>
<url-pattern>/report_criteria</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>report_result</web-resource-name>
<description></description>
<url-pattern>/report_result</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>mass_upd_template</web-resource-name>
<description></description>
<url-pattern>/mass_upd_template</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>update_confirmation</web-resource-name>
<description></description>
<url-pattern>/update_confirmation</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>copy_confirmation</web-resource-name>
<description></description>
<url-pattern>/copy_confirmation</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>confirmation</web-resource-name>
<description></description>
<url-pattern>/confirmation</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>mass_update</web-resource-name>
<description></description>
<url-pattern>/mass_update</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>mass_copy</web-resource-name>
<description></description>
<url-pattern>/mass_copy</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>mass_update_commit</web-resource-name>
<description></description>
<url-pattern>/mass_update_commit</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>mass_copy_commit</web-resource-name>
<description></description>
<url-pattern>/mass_copy_commit</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>mass_update_result</web-resource-name>
<description></description>
<url-pattern>/mass_update_result</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>return_search_list</web-resource-name>
<description></description>
<url-pattern>/return_search_list</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>update_new_amend</web-resource-name>
<description></description>
<url-pattern>/update_new_amend</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>new_rate_update</web-resource-name>
<description></description>
<url-pattern>/new_rate_update</url-pattern>
</web-resource-collection>


<auth-constraint>
<role-name>contracts</role-name>
<role-name>contracts_admin</role-name>
</auth-constraint>
</security-constraint>


<security-constraint>
<web-resource-collection>
<web-resource-name>admin</web-resource-name>
<description></description>
<url-pattern>/admin</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>set_upload</web-resource-name>
<description></description>
<url-pattern>/set_upload</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>run_upload</web-resource-name>
<description></description>
<url-pattern>/run_upload</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>get_act_contracts</web-resource-name>
<description></description>
<url-pattern>/get_act_contracts</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>get_prod_codes</web-resource-name>
<description></description>
<url-pattern>/get_prod_codes</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>contracts_admin</role-name>
</auth-constraint>

</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>weblogic</realm-name>
</login-config>
<security-role>
<description>Contracts Team</description>
<role-name>contracts</role-name>
</security-role>

<security-role>
<description>Contracts Administrators</description>
<role-name>contracts_admin</role-name>
</security-role>

<security-role>
<description>Contracts guest readonly</description>
<role-name>contracts_guest</role-name>
</security-role>
</web-app>


Here is my web.xml. What should I comment out to avoid error 403 - Forbidden?

Please help... Thanks in advance.
 
Ulf Dittmer
Rancher
Posts: 42967
Are you familiar with the contents of the web.xml file? If not, this may be a good time to familiarize yourself with everything that you can configure inside of it. The Servlet Specification contains descriptions of all the possible elements; after reading it you should be in a better position to remove the relevant elements.
 
twinkle desai
Greenhorn
Posts: 9
I am familiar with all the elements of web.xml. It's just that I have been trying for the last two days and could not get rid of the 403 Forbidden error,
so I just thought someone might be able to help with the issue.

Thank you...
 
Ulf Dittmer
Rancher
Posts: 42967
Sure we'll help you. If you know the elements of web.xml it should be pretty easy. Which elements do you think may be responsible? Which ones have you tried removing? What were the results?
 
Gopikrishna Kunisetty
Ranch Hand
Posts: 35
If you do not need a login mechanism, you need not configure your web.xml with the optional <login-config> element. So, try removing this part from your XML file.

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>weblogic</realm-name>
</login-config>

And let us know, if you are still facing any issues.
 
twinkle desai
Greenhorn
Posts: 9
Thank You Gopikrishna for your positive response.

But I am still facing the same issue. I am using WebLogic 10 and MyEclipse 6. Below is the error message.

Please provide any input. Anyone's help would be greatly appreciated.

Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.

 
Gopikrishna Kunisetty
Ranch Hand
Posts: 35
Please check your personal message.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64833
Please read this for more information.
 
Bebot Arnado
Greenhorn
Posts: 6
What is the purpose of bypassing the security? Is your purpose testing, so that you don't need to go through the login?

Just comment out the security-constraint code:

 
Gopikrishna Kunisetty
Ranch Hand
Posts: 35
Maybe this is the case for your error:

A 403 status code indicates that the client cannot access the requested resource. It means the wrong username and password were sent in the request, or that the permissions on the server do not allow what was being asked.

Ensure that you are in a user group that has access to the requested resource. Your user group should be in the <auth-constraint> element of the corresponding web resource. Hope this will resolve your problem.
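The descriptor posted earlier in the thread and the 403 explanation in this answer both come down to one question: for each servlet url-pattern, which <security-constraint> covers it and which roles does its <auth-constraint> permit? The script below is an added example, not code from the thread, from WebLogic or from any project; it parses a constructed web.xml modelled on the posted one, lists the mapped patterns that no constraint guards (in the posted file those are /delete_contract, /rate_update, /report_result_excel and /contract_question, each mapped to ContractsController but named in no <security-constraint>), and emulates the container's decision for a request: no constraint means the URL is reachable without logging in, a protected URL with no credentials gets a challenge, and an authenticated user outside the permitted roles gets 403. Removing <login-config> alone does not change that last outcome, because the constraints are what gate the URLs. Only exact-match patterns are handled; prefix and extension matching are left out for brevity.

```python
"""Audit <security-constraint> coverage in a Java web.xml (added example)."""
import xml.etree.ElementTree as ET

# Constructed sample descriptor, modelled on the one posted in the thread:
# /home and /admin are guarded by role-based constraints; /delete_contract is
# mapped to the servlet but appears in no <security-constraint>.
SAMPLE_WEB_XML = """<web-app>
  <servlet><servlet-name>Ctl</servlet-name><servlet-class>example.Ctl</servlet-class></servlet>
  <servlet-mapping><servlet-name>Ctl</servlet-name><url-pattern>/home</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>Ctl</servlet-name><url-pattern>/admin</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>Ctl</servlet-name><url-pattern>/delete_contract</url-pattern></servlet-mapping>
  <security-constraint>
    <web-resource-collection><url-pattern>/home</url-pattern></web-resource-collection>
    <auth-constraint><role-name>contracts_guest</role-name><role-name>contracts</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/admin</url-pattern></web-resource-collection>
    <auth-constraint><role-name>contracts_admin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>weblogic</realm-name></login-config>
  <security-role><role-name>contracts</role-name></security-role>
  <security-role><role-name>contracts_admin</role-name></security-role>
  <security-role><role-name>contracts_guest</role-name></security-role>
</web-app>"""

ALLOW_ALL = "allow-all"  # constraint without <auth-constraint>: open to everyone
DENY_ALL = "deny-all"    # empty <auth-constraint/>: nobody may access


def _kids(elem, name):
    """Direct children called `name`, ignoring any xmlns prefix (2.4+ descriptors)."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]


def _texts(elem, name):
    return [c.text.strip() for c in _kids(elem, name) if c.text]


def parse_web_xml(xml_text):
    """Collect servlet mappings, per-pattern constraint verdicts, roles, auth-method."""
    root = ET.fromstring(xml_text)
    declared = {r for sr in _kids(root, "security-role") for r in _texts(sr, "role-name")}
    mappings = {p: (_texts(sm, "servlet-name") or ["?"])[0]
                for sm in _kids(root, "servlet-mapping") for p in _texts(sm, "url-pattern")}
    verdicts = {}  # url-pattern -> [ALLOW_ALL | DENY_ALL | frozenset(roles), ...]
    for sc in _kids(root, "security-constraint"):
        auth = _kids(sc, "auth-constraint")
        if not auth:
            verdict = ALLOW_ALL
        else:
            roles = set(_texts(auth[0], "role-name"))
            if "*" in roles:  # "*" stands for every declared <security-role>
                roles = (roles - {"*"}) | declared
            verdict = frozenset(roles) if roles else DENY_ALL
        for wrc in _kids(sc, "web-resource-collection"):
            for p in _texts(wrc, "url-pattern"):
                verdicts.setdefault(p, []).append(verdict)
    login = _kids(root, "login-config")
    method = (_texts(login[0], "auth-method") or [None])[0] if login else None
    return {"mappings": mappings, "verdicts": verdicts, "roles": declared, "auth_method": method}


def effective_access(verdicts):
    """Combine all constraints naming one pattern the way the servlet spec does: an
    empty auth-constraint precludes access; else a constraint with no auth-constraint
    opens the pattern to unauthenticated users; else the permitted roles are unioned."""
    if not verdicts:
        return ALLOW_ALL  # no constraint at all: reachable without logging in
    if DENY_ALL in verdicts:
        return DENY_ALL
    if ALLOW_ALL in verdicts:
        return ALLOW_ALL
    return frozenset().union(*verdicts)


def unguarded_patterns(info):
    """Mapped url-patterns that can be requested without any authentication."""
    return sorted(p for p in info["mappings"]
                  if effective_access(info["verdicts"].get(p, [])) == ALLOW_ALL)


def decision(info, pattern, user_roles=None):
    """Container outcome for an exact-match pattern: 'allow', 'challenge' (credentials
    requested as <login-config> dictates) or 'forbidden' (403). None = unauthenticated."""
    access = effective_access(info["verdicts"].get(pattern, []))
    if access == ALLOW_ALL:
        return "allow"
    if user_roles is None:
        return "challenge"
    if access == DENY_ALL or not (access & set(user_roles)):
        return "forbidden"  # authenticated, but in none of the permitted roles
    return "allow"


if __name__ == "__main__":
    info = parse_web_xml(SAMPLE_WEB_XML)
    print("auth-method:", info["auth_method"], "| unguarded:", unguarded_patterns(info))
    for pat in sorted(info["mappings"]):
        for who in (None, ["contracts_guest"], ["contracts_admin"]):
            print(f"{pat:18} {str(who):22} {decision(info, pat, who)}")
```

To run it against a real descriptor, pass the file contents to parse_web_xml instead of SAMPLE_WEB_XML. A 403 from decision() for a user who should have access points at the realm's group-to-role mapping rather than at web.xml, which is the check this answer suggests; an entry in unguarded_patterns() for something like /delete_contract is the opposite problem and worth fixing before worrying about the 403.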
 
twinkle desai
Greenhorn
Posts: 9
Now, I have changed my WebLogic server from 10 to 8.1.
I was able to deploy the app. I can also see the first page, but now some of my JSP pages are showing errors.
1. The error says "cannot instantiate type collection"
2. Vector cannot be resolved to a type.

These errors look simple, but when I try to solve them one way or the other, they still exist.

I did not create the app from scratch. I am not sure what the issue is.

Thank you all for help.

 