How to implement j_security_check

Hi everybody, I am learning how to implement j_security_check. For this I visited two web sites namely
http://onjava.com/onjava/2002/06/12/form.html
http://directory.apache.org/apacheds/1.0/42-apache-tomcat.html
I am using tomcat6.0 web server
I did not get how to implement this in total. I understood some part of only. Can anybody help me where can I learn it in detail.

This is what I have understood from reading those:

WEB-INF/web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
  <display-name>J_Security_Check</display-name>
  <welcome-file-list>
    <welcome-file>/login.jsp</welcome-file>
  </welcome-file-list>

<login-config>
  	<auth-method>FORM</auth-method>
  		<form-login-config>
  			<form-login-page>/login.jsp</form-login-page>
  			<form-error-page>/error.jsp</form-error-page>
  		</form-login-config>
  </login-config>
  
  
  <security-constraint>
  	<web-resource-collection>
  		<web-resource-name>AdminPages</web-resource-name>
  		<url-pattern>/admin/*</url-pattern>
  		<http-method>POST</http-method>
  	</web-resource-collection>
  	<auth-constraint>
  		<role-name>ADMINISTRATOR</role-name>
  	</auth-constraint>
  </security-constraint>

</web-app>

META-INF/context.xml

WebContent/login.jsp

WebContent/error.jsp

WebContent/admin/index.jsp

Please help me.
Thank you all in advance.

Is there nobody to help me?

PatienceIsAVirtue

At first glance I don't see a security-role element in the web.xml file where you define the ADMINISTRATOR role.

You'll also need to configure a Tomcat Realm for LDAP: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm

Dittmer: Sir can you please suggest me one web site where I can learn it in detail.

Thank you in advance

Hi,

In web.xml

<url-pattern> pattern is *.jsp, now all jsp is restricted access to authorized user only.
I think your index.jsp is at root of web application...

and you have given <http-method>POST</http-method> in <web-resource-collection> tag,
this means POST request only authenticate the user & I think you are calling by typing URL in browser that is GET request.
so you should add GET request support as added above.

If you want detail behavior of this you can get it from HFSJ's security chapter....

Shailesh Narkhede wrote:If you want detail behavior of this you can get it from HFSJ's security chapter....

Hi Shailesh, thanks for your reply, from where can I get that chapter.

Thank you in advance

from where can I get that chapter.

You can buy it right here: http://www.amazon.com/exec/obidos/ASIN/0596516681/jr_bunk-20. It's also available as part of Safari Books Online.

Ulf Dittmer wrote:

from where can I get that chapter.

You can buy it right here: http://www.amazon.com/exec/obidos/ASIN/0596516681/jr_bunk-20. It's also available as part of Safari Books Online.

Thank you Dittmer