jsp authentication problem

Hi,

I am practising JSP. I have a a problem with JSP authentication with spring source tool suite 2.5.
I have few JSPs in a folder, while accessing the application in tomcat it is not asking for any credentials. It simply displays the jsp which should not.

The code is as follows:
- test
admin(folder)
enter.jsp
validate.jsp
store.jsp
confirmation.jsp.
DD file(web.xml)
<code>
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>ch_13</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<jsp-config>
<taglib>
<taglib-uri>validateFields</taglib-uri>
<taglib-location>/WEB-INF/tagLibraries/customLib.tld</taglib-location>
</taglib>
</jsp-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>admin</web-resource-name>
<url-pattern>/test/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ORA Examples</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
</web-app>
</code>

Please, do the neeful.

Thanks and Regards,
sathish.g.

Which URL are you accessing that you think should be protected?

Hi,

Thank you very much for the reply

Actually I created a web project named test. Under test I created a folder under root named admin. under this folder there are some jsps that need to be protected. So, I defined the security mechanism as per described in the web.xml file. when I execute the application in local tomcat it is not asking for any credentials.

the url I tried to access is: http://localhost:8080/test/admin/enter.jsp.

Also I checked the book examples. They are working fine. I'm not finding up the mistake.

Please, help the needful.

Thanks and Regards,
sathish kumar.g.

Remove the web app name from the url-pattern: <url-pattern>/admin/*</url-pattern>

Hi,

Thank you very much for the help
Its working buddy. But what is the difference. If we give it is only context name. Please explain if possible...

Thanks and Regards,
sathish kumar.g.

The difference is between a correct path and an incorrect path. If <taglib-location> in your web.xml doesn't include the web app name, why would <url-pattern>? All such paths are relative to the web app root.