I have a
servlet like
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Map;
import java.util.HashMap;
public class SecureServlet extends HttpServlet {
Map<
String,String> persons;
protected void doGet(HttpServletRequest arg0,
HttpServletResponse arg1)
throws ServletException, IOException {
doPost(arg0,arg1);
}
public void init()throws ServletException {
persons = new HashMap<String,String>();
persons.put("sanjeevan","Analyst");
persons.put("sandeepan","Manager");
persons.put("subba rao","Asst Manager");
persons.put("velavan","Manager");
}
protected void doPost(HttpServletRequest req,
HttpServletResponse res)
throws ServletException, IOException {
res.setContentType("text/html");
PrintWriter out = res.getWriter();
System.out.println("KKK");
String name = req.getParameter("personName");
out.println("<center>
Welcome to Basic Secured Servlet");
name = name.toLowerCase();
System.out.println(".."+name);
if(persons.containsKey(name)) {
String position = persons.get(name);
out.println("
The person asked is:"+name);
out.println("
The position is:"+position+"</center>");
}
else {
out.println("
The given :"+name+" is not there");
}
String authType = req.getAuthType();
System.out.println("**"+authType);
if(authType.equals("FORM"))
{
java.security.Principal pl = req.getUserPrincipal();
System.out.println(pl.getName());
}
out.close();
}
}
my web.xml configuration
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0"
metadata-complete="true">
<servlet>
<servlet-name>secure</servlet-name>
<servlet-class>SecureServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>mySecure</servlet-name>
<servlet-class>ManageSecureServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>mySecure</servlet-name>
<url-pattern>/mesecure</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>secure</servlet-name>
<url-pattern>/secure</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>posting.html</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>one security
test</web-resource-name>
<url-pattern>/secure</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>sysadmin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<!--
<auth-method>BASIC</auth-method>
<realm-name>one security test</realm-name>
-->
<auth-method>FORM</auth-method>
<realm-name>one security test</realm-name>
<form-login-config>
<form-login-page>/formLogin.jsp</form-login-page>
<form-error-page>/formLogin.jsp?error=true</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>sysadmin</role-name>
</security-role>
</web-app>
i am using tomcat-users.xml as memory-realm
it is working with "BASIC"
but if FORM is given it is not retaining old request parameter's value and showing null
my sec.xml [context] file is
<Context path="/sec" docBase="D:\secureTest" reloadable="true" preemptiveAuthentication="true" >
</Context>
it is working fine in tomcat6
i will be thankful to know any additional steps are to be taken