Problem with security constraints while doing authentication & authorization

Jyoti Vaskar
Ranch Hand

Joined: Jun 30, 2009
Posts: 142
Hi everybody,

I have declared roles in xml files as below, doing authorization (using tomcat).

in tomcat-users.xml



in web.xml (of my application-Jyoti)




It is not working for the described constraints?

What's wrong with these declarations?

If I give url pattern for the directory in "E:\Tomcat6.0\webapps\Jyoti\WEB-INF\classes\web"
as
<url-pattern>/Jyoti/classes/web/*</url-pattern> or <url-pattern>/Jyoti/web/*</url-pattern>

then too it's not working.

Am I doing it in the right way?

What's wrong? What is the solution instead?


Also will it do authentication as well?

Can anybody please explain?


thanks
Jyo
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41155
    
If I give url pattern for the directory in "E:\Tomcat6.0\webapps\Jyoti\WEB-INF\classes\web"
as
<url-pattern>/Jyoti/classes/web/*</url-pattern> or <url-pattern>/Jyoti/web/*</url-pattern>

Nothing that's inside of WEB-INF will be served directly to the client anyway, so there's no point in trying to protect it. (As an aside, neither of the two patterns matches the directory path - you can't just omit random parts of the path.)

<url-pattern>/Control/*</url-pattern>

Try "/Control" instead.


Jyoti Vaskar
Ranch Hand

Joined: Jun 30, 2009
Posts: 142
Ulf Dittmer wrote:Try "/Control" instead.


I have tried "/Control"

Now it's doing

but still

access is denied for declared users (jyo,nitin,deep etc.)
in tomcat-user file.

What's wrong again???
Jyoti Vaskar
Ranch Hand

Joined: Jun 30, 2009
Posts: 142

Hi,

Is there anybody who can explain what's wrong in this XML declaration???

I have declared <auth-constraint> for only Administrator ("jyo" is Administrator - declared in tomcat-user file).

In my application access is denied for everybody (whether Guest, Member or Administrator or any other user) irrespective of its role?

Where am I going wrong??
Soumil Shah
Ranch Hand

Joined: Jul 13, 2009
Posts: 54
everything seems to be correct...
Chinmaya Chowdary
Ranch Hand

Joined: Apr 21, 2008
Posts: 432
Hi Jyoti.
I think the problem lies in the tomcat-users.xml file. Remove this and try.

and also in
<?xml version='1.0' encoding='cp1252'?>
I think some browsers don't support this encoding. In that case replace 'encoding' attribute with 'utf-8'.
Jyoti Vaskar
Ranch Hand

Joined: Jun 30, 2009
Posts: 142
Chinmaya Chowdary wrote:Hi Jyoti.
I think the problem lies in the tomcat-users.xml file. Remove this and try.

and also in
<?xml version='1.0' encoding='cp1252'?>
I think some browsers don't support this encoding. In that case replace 'encoding' attribute with 'utf-8'.


Thank you Chinmay.

I'll try it.
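
An added example, not part of the thread or any poster's code: a small Python check for three declaration mistakes that make Tomcat deny a constrained URL to every user (a url-pattern that includes the context name or WEB-INF, a role name that no user holds, and a missing login-config). The two XML samples are constructed because the thread's own files are not shown, and `check`, `_named` and the `context` parameter are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the thread's own web.xml and tomcat-users.xml are not shown.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/Jyoti/web/*</url-pattern>
      <url-pattern>/Control</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Administrator</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
TOMCAT_USERS = """<tomcat-users>
  <role rolename="administrator"/>
  <user username="jyo" password="example-only" roles="administrator"/>
</tomcat-users>"""


def _named(root, name):
    """All elements with this local name, ignoring any XML namespace."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]


def check(web_xml, users_xml, context="Jyoti"):
    """Return findings that can explain a blanket 403 on a constrained URL."""
    web, users = ET.fromstring(web_xml), ET.fromstring(users_xml)
    findings = []
    for el in _named(web, "url-pattern"):
        pat = (el.text or "").strip()
        # Heuristic: a pattern starting with the webapp name is usually a mistake.
        if pat.startswith(f"/{context}/"):
            findings.append(f"{pat}: pattern is relative to the context root, drop /{context}")
        if "/WEB-INF" in pat.upper():
            findings.append(f"{pat}: WEB-INF is never served to clients")
    granted = {r.strip() for u in _named(users, "user")
               for r in u.get("roles", "").split(",") if r.strip()}
    for ac in _named(web, "auth-constraint"):
        for rn in _named(ac, "role-name"):
            role = (rn.text or "").strip()
            if role != "*" and role not in granted:
                findings.append(f"role {role!r}: no user holds it (names are case-sensitive)")
    if not _named(web, "login-config"):
        findings.append("no <login-config>: the container cannot authenticate anyone")
    return findings


if __name__ == "__main__":
    for finding in check(WEB_XML, TOMCAT_USERS):
        print(finding)
```
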
 