I want a simple example of a secured folder of a JSP application. The folder named "admin" should be accessed only by a user named "verwalter" (I dont use the user named "admin" as there ist already such a user in Glassfish).
I program an app with an index.jsp. There is a link to the a subfolder admin to the file adminSeite.html. Besides the index.jsp there are login.jsp and error.jsp. login jsp has the following form in it:
error.jsp tells if entry fails.
In the Glassfish-Console (localhost:4848) I declare a user "verwalter" with password "verwalter" in the realm "file". I create a group "verwalterGruppe" with a random name. Here it is not possible to assign the user to a role (although some EE tutorials say that roles are defined in Glassfish)
web.xml: Definition of roles (to my opinion) and resources (paths):
sun-web.xml: mapping role defined in web.xml to user and group defined in admin console of glassfish.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated servlet class' java code.</description>
If I want to run the app, I cannot login with user verwalter and pass verwalter. The indicated url is:
I am not sure about the definition of roles and resouces. Are roles defined in web.xml, or are there predifined roles in Glassfish (admin and user), as many tutorials suggest? My I name resources deliberately?