aspose file tools
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Reply Bookmark "Authentication" Watch "Authentication" New topic
Author

Authentication

MaheshS Kumbhar
Ranch Hand

Joined: Sep 24, 2009
Posts: 188
posted private message
0
Quote
To get authentication working, we must use


In addition to that, if we dont specify element inside then this tells the Container to allow unauthenticated access to URL's matching to element inside .

So does this mean that specifying only element in DD is not enough to allow authentication working, it needs to be used in combination with element too to get authentication working.

I am slow but sure
Frits Walraven
Rancher

Joined: Apr 07, 2010
Posts: 1043

I like...
Android Chrome Eclipse IDE
posted private message
0
Quote
Hi MaheshS,

does this mean that specifying only <login-config> element in DD is not enough to allow authentication working, it needs to be used in combination with


That is correct.

There is a subtle difference between:
  • Allowing everybody -> so no <auth-constraint>
  • Allowing known users -> <auth-constraint> with <role-name> of *

    • Regards,
    Frits
     
    I agree. Here's the link: http://zeroturnaround.com/jrebel - it saves me about five hours per week
     
    subject: Authentication
     
    Similar Threads
    Mistake in HFSJ? : Without auth-constraint and with role-name * in auth constraint
    Converting Tomcat App to Websphere 7 -> Custom security login
    How authorization constraint effects authentication?
    web.xml security constraint won't work with roles
    <login-config> in DD