security-constraint

Ashish Malik
Ranch Hand

Joined: Jul 11, 2010
Posts: 50
I am trying to secure a page by allowing only authenticated viewing. But when I apply <security-constraint> in my app's web.xml file... I could not open any file... not even index.html. It shows a 404 "not found error". However, the app runs fine without the security constraint, but without authentication!

My web.xml file looks like...

<security-constraint>
    <web-resource-collection>
        <web-resource-name>EmployeeSpecific</web-resource-name>
        <url-pattern>/employee/loginTarget.html</url-pattern>
        <http-method>POST</http-method>
        <http-method>GET</http-method>
    </web-resource-collection>

    <auth-contstraint>
        <role-name>employee</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>empLogin.html</form-login-page>
        <form-error-page>loginError.html</form-error-page>
    </form-login-config>
</login-config>

<security-role>
    <role-name>employee</role-name>
</security-role>



My app directory is like...

tomcat > webapps > ash > WEB-INF > web.xml
ash > index.html
ash > empLogin.html
ash > employee > loginTarget.html
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688

You've got a typo in one of the tags: auth-contstraint -> auth-constraint


All roads lead to JavaRanch
Ashish Malik
Ranch Hand

Joined: Jul 11, 2010
Posts: 50
Ohhh... don't know how this error crept in here... but it's not in my app's web.xml file...
Ashish Malik
Ranch Hand

Joined: Jul 11, 2010
Posts: 50
I saw something somewhere about... the MemoryRealm implementation in Tomcat.
However, I didn't get the concept of realms, but... the article said... to implement user authentication your tomcat > conf > server.xml should have the following phrase uncommented...

<Realm className="org.apache.catalina.realm.MemoryRealm" />

However, I didn't find anything with the MemoryRealm thing!

Please help... I think the problem is somewhere here only!
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688

Check Tomcat's logs. There might be an error at startup.
Ashish Malik
Ranch Hand

Joined: Jul 11, 2010
Posts: 50
Thanks a lot... I checked the server logs at startup and found the error.
It was some semantic error in the web.xml file.

But now I got another mysterious error...
I cannot authorize after being authenticated.

I added a custom login form to my app. I also made changes to tomcat-user.xml to add a new role and user/password.
When I enter a wrong username/password the error page is displayed, but on entering the right uid/password I get a "403 - access denied" error. It happens even with the "manager" app!

My tomcat-user.xml reads:
<tomcat-users>
    <role rolename="tomcat"/>
    <role rolename="role1"/>
    <role rolename="employee" />
    <role rolename="manager"/>
    <user username="tomcat" password="tomcat" roles="tomcat"/>
    <user username="both" password="tomcat" roles="tomcat,role1"/>
    <user username="role1" password="tomcat" roles="role1"/>
    <user username="Ashish" password="bookworm" roles="employee" />
    <user username="root" password="secret" roles="manager"/>
</tomcat-users>


web.xml file is posted above! That contains security-constraints.
Ashish Malik
Ranch Hand

Joined: Jul 11, 2010
Posts: 50
Another semantic error!

Now corrected....
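
Added example (not part of the original thread and not Tomcat's own validation): a small Python check for a descriptor like the one posted above. It reports a file that is not well-formed (the mismatched auth-contstraint tag), roles without a <security-role> declaration, form login pages that lack the leading "/" the Servlet specification requires, and, going beyond the thread, constraints that list <http-method> elements and so leave every other method unconstrained. SAMPLE is constructed from the posted web.xml with the tag typo fixed and an assumed bare <web-app> root; lint_web_xml is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the posted descriptor with the tag typo fixed, wrapped in
# a bare <web-app> root (the root element is an assumption; the post omits it).
SAMPLE = """<web-app>
<security-constraint>
  <web-resource-collection>
    <url-pattern>/employee/loginTarget.html</url-pattern>
    <http-method>POST</http-method>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>employee</role-name></auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>empLogin.html</form-login-page>
    <form-error-page>loginError.html</form-error-page>
  </form-login-config>
</login-config>
<security-role><role-name>employee</role-name></security-role>
</web-app>"""

def lint_web_xml(text):
    """Return findings for the security elements of a web.xml string."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        # e.g. <auth-contstraint> closed by </auth-constraint>
        return [f"not well-formed: {exc}"]
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]  # ignore any xmlns on <web-app>
    findings = []
    declared = {(r.text or "").strip() for r in root.findall("security-role/role-name")}
    for role in root.findall("security-constraint/auth-constraint/role-name"):
        name = (role.text or "").strip()
        if name != "*" and name not in declared:
            findings.append(f"role '{name}' is not declared in <security-role>")
    for wrc in root.findall("security-constraint/web-resource-collection"):
        methods = [(m.text or "").strip() for m in wrc.findall("http-method")]
        if methods:
            findings.append("only " + ",".join(methods) + " constrained; other HTTP methods are not")
    for el in root.findall("login-config/form-login-config/*"):
        path = (el.text or "").strip()
        if not path.startswith("/"):
            findings.append(f"<{el.tag}> '{path}' must start with '/'")
    return findings
```

Calling lint_web_xml(SAMPLE) returns three findings: the method-limited constraint and the two form pages without a leading "/".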
 