This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Tomcat and the fly likes Neat Way of Writing my web.xml Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Neat Way of Writing my web.xml" Watch "Neat Way of Writing my web.xml" New topic

Neat Way of Writing my web.xml

Dean Chester
Ranch Hand

Joined: Jul 26, 2009
Posts: 31
I Currently have my web.xml file looking like this:

Before I had this yet i need to keep reauthorizing my self:

So i ask is there anyway i can get this to work?
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15959

Yow! I'm all for container-based security, but this is a bit much. Did you assign a unique security role for each user?

About the most number of roles I've ever needed was 8. Something like: anonymous (not logged in), user, app_administrator, sysadmin, programmer, auditor, data_loader, scoring_table_modiifier and querent.

If I really needed more distinct roles than that, I'd probably do them fine-grained and add supporting logic.

I also normally zone out my URLs. For example, all admin functionality is under /admin, so that I can do a pattern-matched rule check rather than a rule for each discrete URL.

Customer surveys are for companies who didn't pay proper attention to begin with.
I agree. Here's the link:
subject: Neat Way of Writing my web.xml
Similar Threads
request. get User Principal(). getName() do not retreive user name
Redirection after realm authentication
Form Authentication not working
Keep having to login with container based authentaction.
web.xml security constraint won't work with roles