Web.xml - ByPass security

twinkle desai
Greenhorn
What are the steps to consider when one needs to bypass security in a web application?

Any help would be greatly appreciated.

Thanks in advance for your help...
Ulf Dittmer
Marshal
What do you mean by "bypass security"? What kind of security? And are you trying to bypass it, or are you trying to prevent that?


twinkle desai
Greenhorn
What I meant is I do not want login info in order to access the webapp.
Bauke Scholtz
Ranch Hand
Are you asking this in perspective of the client or the server? If client, then that's not possible (if the web application is well designed). If server, then just disable it.
Bear Bibeault
Author and ninkuma
Marshal

twinkle desai wrote:What I meant is I do not want login info in order to access the webapp.

Then don't add any. There is no authentication unless you set it up so.


twinkle desai
Greenhorn
<?xml version="1.0" encoding="UTF-8"?>


<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">

<web-app>

<context-param>
<param-name>weblogic.servlet.reloadCheckSecs</param-name>
<param-value>0</param-value>
</context-param>

<context-param>
<param-name>weblogic.jsp.compile</param-name>
<param-value>javac</param-value>
</context-param>

<context-param>
<param-name>weblogic.jsp.keepgenerated</param-name>
<param-value>true</param-value>
</context-param>

<servlet>
<servlet-name>ContractsController</servlet-name>
<display-name>ContractsController</display-name>
<servlet-class>
com.hns.claims.apps.cam.controller.ContractsController
</servlet-class>
</servlet>

<!-- A servlet url-pattern must begin with "/" (or "*." for an extension
     mapping); the patterns here use the same "/name" form as the
     security-constraint patterns further down, so the two sets line up. -->
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/home</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/simple_search</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/search</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/search_list</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/admin</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/clist</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/new_contract</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/insert_contract</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/modify_contract</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/update_contract</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/error</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/set_upload</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/run_upload</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/get_act_contracts</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/get_prod_codes</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/main_new_contract</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/main_search</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/main_reports</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/report_criteria</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/report_result</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/report_result_excel</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/mass_upd_template</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/update_confirmation</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/copy_confirmation</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/confirmation</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/mass_update</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/mass_copy</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/mass_update_commit</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/mass_copy_commit</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/mass_update_result</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/return_search_list</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/update_new_amend</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/delete_contract</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/rate_update</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/new_rate_update</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ContractsController</servlet-name>
<url-pattern>/contract_question</url-pattern>
</servlet-mapping>


<session-config>
<session-timeout>30</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>Index.jsp</welcome-file>
</welcome-file-list>
<!-- taglib-uri is compared literally with the uri attribute of the JSP
     taglib directive; the value is not quoted inside the element. -->
<taglib>
<taglib-uri>http://java.sun.com/regions</taglib-uri>
<taglib-location>/WEB-INF/tlds/regions.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>http://java.sun.com/iterator</taglib-uri>
<taglib-location>/WEB-INF/tlds/iterator.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>conditional</taglib-uri>
<taglib-location>/WEB-INF/tlds/conditional.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>http://java.sun.com/hnsforms</taglib-uri>
<taglib-location>/WEB-INF/tlds/hnsforms.tld</taglib-location>
</taglib>

<!-- Each constraint applies to every HTTP method, since no <http-method>
     is given. Only the URLs named in a constraint are protected; anything
     else in the webapp (Index.jsp, for instance) is served without
     authentication. -->
<!-- Read-only pages: any of the three roles may access them -->
<security-constraint>
<web-resource-collection>
<web-resource-name>home</web-resource-name>
<description></description>
<url-pattern>/home</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>simple_search</web-resource-name>
<description></description>
<url-pattern>/simple_search</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>search</web-resource-name>
<description></description>
<url-pattern>/search</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>search_list</web-resource-name>
<description></description>
<url-pattern>/search_list</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>clist</web-resource-name>
<description></description>
<url-pattern>/clist</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>modify_contract</web-resource-name>
<description></description>
<url-pattern>/modify_contract</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>main_search</web-resource-name>
<description></description>
<url-pattern>/main_search</url-pattern>
</web-resource-collection>

<auth-constraint>
<role-name>contracts_guest</role-name>
<role-name>contracts_admin</role-name>
<role-name>contracts</role-name>
</auth-constraint>
</security-constraint>


<!-- Editing and reporting pages: contracts and contracts_admin only -->
<security-constraint>
<web-resource-collection>
<web-resource-name>new_contract</web-resource-name>
<description></description>
<url-pattern>/new_contract</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>insert_contract</web-resource-name>
<description></description>
<url-pattern>/insert_contract</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>update_contract</web-resource-name>
<description></description>
<url-pattern>/update_contract</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>error</web-resource-name>
<description></description>
<url-pattern>/error</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>main_new_contract</web-resource-name>
<description></description>
<url-pattern>/main_new_contract</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>main_reports</web-resource-name>
<description></description>
<url-pattern>/main_reports</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>report_criteria</web-resource-name>
<description></description>
<url-pattern>/report_criteria</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>report_result</web-resource-name>
<description></description>
<url-pattern>/report_result</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>mass_upd_template</web-resource-name>
<description></description>
<url-pattern>/mass_upd_template</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>update_confirmation</web-resource-name>
<description></description>
<url-pattern>/update_confirmation</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>copy_confirmation</web-resource-name>
<description></description>
<url-pattern>/copy_confirmation</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>confirmation</web-resource-name>
<description></description>
<url-pattern>/confirmation</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>mass_update</web-resource-name>
<description></description>
<url-pattern>/mass_update</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>mass_copy</web-resource-name>
<description></description>
<url-pattern>/mass_copy</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>mass_update_commit</web-resource-name>
<description></description>
<url-pattern>/mass_update_commit</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>mass_copy_commit</web-resource-name>
<description></description>
<url-pattern>/mass_copy_commit</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>mass_update_result</web-resource-name>
<description></description>
<url-pattern>/mass_update_result</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>return_search_list</web-resource-name>
<description></description>
<url-pattern>/return_search_list</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>update_new_amend</web-resource-name>
<description></description>
<url-pattern>/update_new_amend</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>new_rate_update</web-resource-name>
<description></description>
<url-pattern>/new_rate_update</url-pattern>
</web-resource-collection>


<auth-constraint>
<role-name>contracts</role-name>
<role-name>contracts_admin</role-name>
</auth-constraint>
</security-constraint>


<!-- Administrative pages: contracts_admin only -->
<security-constraint>
<web-resource-collection>
<web-resource-name>admin</web-resource-name>
<description></description>
<url-pattern>/admin</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>set_upload</web-resource-name>
<description></description>
<url-pattern>/set_upload</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>run_upload</web-resource-name>
<description></description>
<url-pattern>/run_upload</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>get_act_contracts</web-resource-name>
<description></description>
<url-pattern>/get_act_contracts</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>get_prod_codes</web-resource-name>
<description></description>
<url-pattern>/get_prod_codes</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>contracts_admin</role-name>
</auth-constraint>

</security-constraint>
<!-- HTTP Basic authentication against the "weblogic" realm. The browser
     resends the credentials base64-encoded (not encrypted) with every
     request, so this should only be exposed over HTTPS. -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>weblogic</realm-name>
</login-config>
<security-role>
<description>Contracts Team</description>
<role-name>contracts</role-name>
</security-role>

<security-role>
<description>Contracts Admininstrators</description>
<role-name>contracts_admin</role-name>
</security-role>

<security-role>
<description>Contracts guest readonly</description>
<role-name>contracts_guest</role-name>
</security-role>
</web-app>


Here is my web.xml. What should I comment out to avoid error 403 - Forbidden?

Please help... Thanks in advance.
Ulf Dittmer
Marshal
Are you familiar with the contents of the web.xml file? If not, this may be a good time to familiarize yourself with everything that you can configure inside of it. The Servlet Specification contains descriptions of all the possible elements; after reading it you should be in a better position to remove the relevant elements.
twinkle desai
Greenhorn
I am familiar with all the elements of web.xml. It's just that I have been trying for the last two days and could not get rid of the 403 - Forbidden error,
so I just thought someone might be able to help with the issue.

Thank you...
Ulf Dittmer
Marshal
Sure we'll help you. If you know the elements of web.xml it should be pretty easy. Which elements do you think may be responsible? Which ones have you tried removing? What were the results?
Gopikrishna Kunisetty
Ranch Hand
If you do not need a login mechanism, you need not configure your web.xml with the optional <login-config> element. So, try removing this part from your XML file.

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>weblogic</realm-name>
</login-config>

And let us know, if you are still facing any issues.


twinkle desai
Greenhorn
Thank You Gopikrishna for your positive response.

But I am still facing the same issue. I am using WebLogic 10 and MyEclipse 6. Below is the error message.

Please provide any input. Anyone's help would be greatly appreciated.

Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.

Gopikrishna Kunisetty
Ranch Hand
Please check your personal message.
Bear Bibeault
Author and ninkuma
Marshal

Please read this for more information.
Bebot Arnado
Greenhorn
What is the purpose of bypassing the security? Is it for testing, so that you don't need to log in?

Just comment out the security-constraint code:



Gopikrishna Kunisetty
Ranch Hand
Maybe this is the cause of your error:

A 403 status code indicates that the client cannot access the requested resource. It means the wrong username and password were sent in the request, or that the permissions on the server do not allow what was being asked.

Ensure that you are in a user group that has access to the requested resource. Your user group should be in the <auth-constraint> element of the corresponding web resource. Hope this will resolve your problem.
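As an added example, not code from the thread or from the original poster, the script below reads a trimmed, constructed excerpt of the posted web.xml and does the two things this discussion turns on. First, it lists the servlet-mapped URLs that no <security-constraint> covers, which is what "bypassing" amounts to in the servlet model: the container only protects URLs a constraint names, everything else is served anonymously. On the full posted file that audit reports /report_result_excel, /delete_contract, /rate_update and /contract_question as unprotected, and Index.jsp or any other JSP is likewise open. Second, it models the container's authorization decision for a request, so you can see when BASIC auth yields a 401 challenge (no credentials yet) versus a 403 (the user authenticated but holds none of the roles in the matching <auth-constraint>). The pattern matching and role combining are a simplified model of the Servlet specification (sections 12.1 and 13.8), and the url-patterns carry the leading slash the spec requires.

```python
"""Audit security-constraint coverage of a Servlet web.xml and model the
container's allow / 401 / 403 decision. Added example, not the thread's code.
WEB_XML is a trimmed excerpt of the posted descriptor, constructed here."""
import xml.etree.ElementTree as ET

WEB_XML = """<web-app>
<servlet-mapping><servlet-name>ContractsController</servlet-name><url-pattern>/home</url-pattern></servlet-mapping>
<servlet-mapping><servlet-name>ContractsController</servlet-name><url-pattern>/search</url-pattern></servlet-mapping>
<servlet-mapping><servlet-name>ContractsController</servlet-name><url-pattern>/new_contract</url-pattern></servlet-mapping>
<servlet-mapping><servlet-name>ContractsController</servlet-name><url-pattern>/admin</url-pattern></servlet-mapping>
<servlet-mapping><servlet-name>ContractsController</servlet-name><url-pattern>/report_result_excel</url-pattern></servlet-mapping>
<servlet-mapping><servlet-name>ContractsController</servlet-name><url-pattern>/delete_contract</url-pattern></servlet-mapping>
<security-constraint>
  <web-resource-collection><web-resource-name>home</web-resource-name><url-pattern>/home</url-pattern></web-resource-collection>
  <web-resource-collection><web-resource-name>search</web-resource-name><url-pattern>/search</url-pattern></web-resource-collection>
  <auth-constraint><role-name>contracts_guest</role-name><role-name>contracts_admin</role-name><role-name>contracts</role-name></auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection><web-resource-name>new_contract</web-resource-name><url-pattern>/new_contract</url-pattern></web-resource-collection>
  <auth-constraint><role-name>contracts</role-name><role-name>contracts_admin</role-name></auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection><web-resource-name>admin</web-resource-name><url-pattern>/admin</url-pattern></web-resource-collection>
  <auth-constraint><role-name>contracts_admin</role-name></auth-constraint>
</security-constraint>
<login-config><auth-method>BASIC</auth-method><realm-name>weblogic</realm-name></login-config>
</web-app>"""


def parse(web_xml):
    """Return (mapped url-patterns, [(patterns, roles-or-None)], auth-method, realm)."""
    root = ET.fromstring(web_xml)
    mapped = [m.findtext("url-pattern") for m in root.findall("servlet-mapping")]
    constraints = []
    for sc in root.findall("security-constraint"):
        patterns = [p.text for wrc in sc.findall("web-resource-collection")
                    for p in wrc.findall("url-pattern")]
        ac = sc.find("auth-constraint")
        # No <auth-constraint> means no authorization required; an empty one
        # (no role-name) means nobody may access the resource.
        roles = None if ac is None else [r.text for r in ac.findall("role-name")]
        constraints.append((patterns, roles))
    return (mapped, constraints, root.findtext("login-config/auth-method"),
            root.findtext("login-config/realm-name"))


def specificity(pattern, path):
    """Spec 12.1 matching: exact > longest path prefix > extension > default '/'.
    Returns a sortable rank, or None when the pattern does not match `path`."""
    if pattern == path:
        return (3, len(pattern))
    if pattern.endswith("/*") and (path == pattern[:-2] or path.startswith(pattern[:-1])):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return (1, 0)
    if pattern == "/":
        return (0, 0)
    return None


def effective_roles(path, constraints):
    """Roles allowed on `path`: None if unconstrained (public), [] if denied to all.
    The most specific matching pattern wins; constraints that share that
    pattern have their roles unioned, and one without <auth-constraint> opens it."""
    best, roles = None, None
    for patterns, cons_roles in constraints:
        for pat in patterns:
            rank = specificity(pat, path)
            if rank is None:
                continue
            if best is None or rank > best:
                best, roles = rank, (None if cons_roles is None else set(cons_roles))
            elif rank == best and roles is not None:
                roles = None if cons_roles is None else roles | set(cons_roles)
    return roles if roles is None else sorted(roles)


def decide(path, user_roles, constraints, auth_method="BASIC", realm="weblogic"):
    """Container decision for a request: ('allow', None), (401, challenge) or (403, None).
    user_roles is None for a request that carries no credentials."""
    allowed = effective_roles(path, constraints)
    if allowed is None:
        return ("allow", None)          # no constraint names this URL
    if allowed == []:
        return (403, None)              # empty auth-constraint: precluded for everyone
    if user_roles is None:
        return (401, f'WWW-Authenticate: {auth_method} realm="{realm}"')
    if "*" in allowed or set(user_roles) & set(allowed):
        return ("allow", None)
    return (403, None)                  # authenticated, but in none of the listed roles


def uncovered(mapped, constraints):
    """Servlet-mapped URLs that no security-constraint protects."""
    return [p for p in mapped if effective_roles(p, constraints) is None]


if __name__ == "__main__":
    mapped, cons, method, realm = parse(WEB_XML)
    print("unprotected mapped URLs:", uncovered(mapped, cons))
    for path, roles in [("/home", None), ("/home", ["contracts_guest"]),
                        ("/admin", ["contracts_guest"]), ("/delete_contract", None)]:
        print(path, roles, "->", decide(path, roles, cons, method, realm))
```

Removing <login-config> alone does not remove the constraints: the <auth-constraint> elements still apply, and with no login method the container cannot authenticate anyone, so the protected URLs are simply denied. Removing the <security-constraint> blocks (or the URLs inside them) is what makes a page public. On WebLogic, a 403 for a user who did log in usually means the role names in web.xml are not mapped to that user's groups; that mapping lives in weblogic.xml under <security-role-assignment>, which the posted descriptor does not show.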
twinkle desai
Greenhorn
Now I have changed my WebLogic server from 10 to 8.1.
I was able to deploy the app. I can also see the first page, but now some of my JSP pages are showing errors.
1. The error says "cannot instantiate type Collection"
2. Vector cannot be resolved to a type.

These errors look simple, but when I try to solve them one way or the other they still exist.

I did not create the app from scratch. I am not sure what the issue is.

Thank you all for your help.

 