This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Authentication" Watch "Authentication" New topic
Author

Authentication

MaheshS Kumbhar
Ranch Hand

Joined: Sep 24, 2009
Posts: 188
To get authentication working, we must use


In addition to that, if we dont specify element inside then this tells the Container to allow unauthenticated access to URL's matching to element inside .

So does this mean that specifying only element in DD is not enough to allow authentication working, it needs to be used in combination with element too to get authentication working.


I am slow but sure
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1624
    
  23

Hi MaheshS,

does this mean that specifying only <login-config> element in DD is not enough to allow authentication working, it needs to be used in combination with


That is correct.

There is a subtle difference between:
  • Allowing everybody -> so no <auth-constraint>
  • Allowing known users -> <auth-constraint> with <role-name> of *

  • Regards,
    Frits
     
     
    subject: Authentication
     
    Similar Threads
    <login-config> in DD
    How authorization constraint effects authentication?
    web.xml security constraint won't work with roles
    Mistake in HFSJ? : Without auth-constraint and with role-name * in auth constraint
    Converting Tomcat App to Websphere 7 -> Custom security login