• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Security in RSS Feeds

 
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am implementing RSS Feeds using JAVA. I could implement it successfully by creating XML file required for Feeds in Tomcat Server. But i am not able to implement any kind of security. I need users to enter some kind of credentials before they receive RSS Feeds. Else i need to fetch the mail id from the outlook ( RSS Reader in my case ) and display details depending on the mail id. Will it be possible to fetch this ?
Please help me .
Any ideas ?
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Normally you'd serve the RSS feeds from Java code (likely through a servlet), and could then apply normal HTTP authentication which you'd define in web.xml.

Instead of creating the XML "manually", I'd advise to look into the Rome library, which is the standard for creating RSS feeds in Java.
 
Madhumitha Baskaran
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi . I have created all XML manually. It is very difficult to change everything now.Because implementation of entire project is over.
So kindly tell me how i can proceed with it for security issues. How do i use web.xml for implementing security.. I am totally new to this and i have no idea how to proceed with it .. so throw me some light on it
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Google for "servlet security", and read the relevant documentation of your servlet container, like http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html for Tomcat.

And most importantly, in your next project -and all the ones that follow until the end of your career-, design and implement security from the beginning, not as an afterthought.
 
Madhumitha Baskaran
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Still i havenot found solution for it. I think this can not be achieved with Server security. Because, It is just a static XML file which i create in Server which i am referring from RSS reader..
 
Madhumitha Baskaran
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am using Microsoft outlook as my RSS Reader . It will be useful if i can take mail id of the user who has logged in . Depending on the mail id, i will display the contents.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Still i havenot found solution for it. I think this can not be achieved with Server security. Because, It is just a static XML file which i create in Server which i am referring from RSS reader..


What, exactly, have you tried? Servlet security can absolutely be applied to static files.
 
Madhumitha Baskaran
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi ,
Thanks for your help.
I dont have a web application . I have a simple java program which generates a XML file. I am storing this XML file in web server. I am adding this XML file from outlook RSS Reader. How servlets can be used in this case ?

My URL for accessing this XML file will be like http://Server/filename
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I didn't say to use servlets, I said to use servlet security. Since you're using Tomcat you can configure servlet security in the web.xml file of the web app from where you're serving these files.
 
Madhumitha Baskaran
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I could see in many web sites that "HTTP Authentication" can be used for this. But i am not able to understand how exactly it can be achieved.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes, servlet security implements HTTP authentication. Have you read the page I linked to yet?
 
Madhumitha Baskaran
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes.. I have gone through the link.. But i dont know how it will be useful for a static XML file.. Java program will run periodically and change contents of the XML file.. How HTTP authentication can be used in this case ?
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It doesn't matter how and when the file gets created or updated. If you configure web.xml correctly, then servlet security protects it; have you tried doing that?
 
Madhumitha Baskaran
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Do you mean web.xml file of Tomcat server. ?
I am new to it. Sorry if i am disturbing you
 
Madhumitha Baskaran
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If i apply these settings to web.xml of Tomcat, will all the applications in the same tomcat server will be affected ?
I want only this XML file to get affected.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No, I'm talking about the web.xml file of the web app that contains these files; it only affects that one web app.
 
Madhumitha Baskaran
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi
Thanks for your reply. It is not web application . it is just a XML file in server which will be accessed from outside. No program or anything involved as such. Only for the creation of this XML file , Java is involved.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
"no program is involved" and "server" seems to be a contradiction - how does the outside world get at the file if not through a server? In your first post you mentioned Tomcat; are you now saying that's not actually involved? Also, RSS works over HTTP - how can there be no HTTP server involved?
 
Madhumitha Baskaran
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There is a Tomcat server. Inside the folder for this Tomcat server , I am keeping my XML file. This file is acccessed through URL like http://servername/filename.xml...


Here i dont know how to implement security. web.XML file. There is one JAVA program which creates XML Content and creates this XML file using FileoutputStream.

 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Here i dont know how to implement security. web.XML file.


That's what the link in my second post is all about. The file we're talking about is webapps/ROOT/WEB-INF/web.xml

There is one JAVA program which creates XML Content and creates this XML file using FileoutputStream.


Like I said, that doesn't matter.
 
Madhumitha Baskaran
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi

Thanks a lot for your help..

So i need to make changes in the web.xml file inside webapps folder of tomcat directory?

How should i proceed with it ?
Being new to industry, I am getting much confused.

Thanks a lot for help again
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

So i need to make changes in the web.xml file inside webapps folder of tomcat directory?


Yes

How should i proceed with it?


If you're not familiar with servlet security, I'd start by reading up on that. If you don't have a good book on servlets/JSP handy, googling for that should get you many results. And, of course, you need to become familiar with the page I've mentioned several times by now. To get going, use a MemoryRealm.
 
Madhumitha Baskaran
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi ,
Thanks .
But i am not able to understand much
Can you just give me an overview ?
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What do you understand? Which books have you consulted?
 
Madhumitha Baskaran
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi ,

I went through the link given by you. I could not make much out of it. As i am new to all this , I am not able to understand. It will be much helpful if you can give me an overview of what needs to be done .. Sorry for disturbing you..



If i perform this , will it ask for username and password when i add RSS feeds to Microsoft outlook ?


 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

I went through the link given by you. I could not make much out of it. As i am new to all this , I am not able to understand. It will be much helpful if you can give me an overview of what needs to be done


That link explains the Tomcat side of it. It won't make much sense if you don't understand what servlet security is all about. The servlet specification explains the basics, but it's not much good as a tutorial. I strongly recommend you get a good book on servlets (Head First Servlets & JSP is a popular one). Security is serious business, and you really need to understand what's going on; trying to give a lesson on that in a forum like this is not really possible - that's what books are for.

If i perform this , will it ask for username and password when i add RSS feeds to Microsoft outlook ?


I don't know what, exactly, Outlook does, but for any access username and password will need to be provided.
 
Madhumitha Baskaran
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The book you suggested was very useful. I got it working.

It is prompting for username and password when i add RSS feed in outlook.

Is it possible to know "who has logged in" by any way?
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic