How to add authentication on my jsp page

paul alvin
Greenhorn

Joined: Nov 15, 2012
Posts: 15
I am building a web application that has admin users and non-admin users... Now in my main page I have a design that I also want to be the design for the non-admin users. For example, if I have a view JSP page with an edit and a delete button if you are an admin user, I don't want these buttons to appear if you don't have the admin role... How to do this? Thanks
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60082
    
  65

Use the <c:if> and <c:choose> set of JSTL tags to make decisions about what to include in the page or not.


paul alvin
Greenhorn

Joined: Nov 15, 2012
Posts: 15
Can you refer me a link for an example?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39578
    
  27
Check out the Apache Shiro library. It provides (amongst much other security functionality) JSP tags for authenticated and unauthenticated users, making the process even simpler than using the standard JSTL tags: http://shiro.apache.org/


Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60082
    
  65

Shiro looks really interesting. It's not a package I'd heard of before. Thanks for the tip, Ulf. I'll be checking it out.
Nithiyanantham Gowri
Greenhorn

Joined: Jan 24, 2013
Posts: 1

http://shiro.apache.org/
shivam singhal
Ranch Hand

Joined: Jul 15, 2012
Posts: 194

For authentication...
why are you not using web.xml?
paul alvin
Greenhorn

Joined: Nov 15, 2012
Posts: 15
I'm really new to web development using JSP. I really need a basic sample based on user authentication...
shivam singhal
Ranch Hand

Joined: Jul 15, 2012
Posts: 194

You may use authentication using web.xml:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Resource Name</web-resource-name>
        <!-- a path url-pattern must start with "/" -->
        <url-pattern>/WEB-INF/shivam</url-pattern>
        <http-method>POST</http-method>
    </web-resource-collection>

    <auth-constraint>
        <role-name>ADMIN</role-name>
    </auth-constraint>

    <!-- user-data-constraint is a child of security-constraint -->
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
paul alvin
Greenhorn

Joined: Nov 15, 2012
Posts: 15
Can you explain to me what this code does? Is it the same as in ASP.NET, which restricts the folder content for the specified user?
shivam singhal
Ranch Hand

Joined: Jul 15, 2012
Posts: 194

You have 4 types of authentication mechanism:

BASIC :: this one provides BASIC authentication and encodes the user name and password provided by the user. IT PROVIDES VERY WEAK AUTHENTICATION.
DIGEST :: it's an upgraded version of BASIC, still not much use.
CLIENT-CERT :: it provides good AUTHENTICATION, but the client must have SOME CERTIFICATES.
FORM BASED :: it needs a FORM for the login information.

1. First of all, in your REALM you have to define the login information of the user, like user name and password.
2. Then in your DD you have to define the user ROLES.
3. And then you can use the above code in your DD; it provides AUTHENTICATION, AUTHORIZATION, CONFIDENTIALITY and INTEGRITY...

1. The realm is the tomcat-users.xml file; you have to edit it to define your users:

<role rolename="Admin" />
<role rolename="Member" />
<user username="Shivam" password="shivam" roles="Admin, Member" />

2.

<login-config>
    <!-- DEFINING THE AUTHENTICATION METHOD -->
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/error.html</form-error-page>
    </form-login-config>
</login-config>

<!-- each security-role element declares exactly one role-name -->
<security-role>
    <role-name>Admin</role-name>
</security-role>
<security-role>
    <role-name>Member</role-name>
</security-role>


3.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Resource Name</web-resource-name>
        <!-- a path url-pattern must start with "/" -->
        <url-pattern>/WEB-INF/shivam</url-pattern>
        <http-method>POST</http-method>
    </web-resource-collection>

    <auth-constraint>
        <!-- role names are case-sensitive: this matches the "Admin" role declared in 1 and 2 -->
        <role-name>Admin</role-name>
    </auth-constraint>

    <!-- user-data-constraint is a child of security-constraint -->
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

In the above code 3, the role name ADMIN can doPost on my servlet in the directory named WEB-INF/shivam, and no one like Member can doPost on the same resource, BUT including ADMIN, Member can doGet, doHead, doTrace on the resource.


with regards
SHIVAM SINGHAL
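
An added example, not part of the original posts: a small Python check that parses a web.xml and reports the pitfalls that come up around the descriptor above, namely a constraint that lists only some HTTP methods (the other methods stay unprotected, as the post notes), a url-pattern without a leading slash, a role name whose case differs from the declared role, and a missing transport guarantee. Both descriptors are constructed samples; the finding codes, the function name and the /admin/* path are assumptions.

```python
import xml.etree.ElementTree as ET
# Constructed sample with the pitfalls discussed in the thread.
WEAK = """<web-app>
  <security-role><role-name>Admin</role-name></security-role>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin pages</web-resource-name>
      <url-pattern>admin/*</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>ADMIN</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Constructed corrected form: all methods covered, TLS required.
CORRECTED = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-role><role-name>Admin</role-name></security-role>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin pages</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Admin</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

def audit_web_xml(xml_text):
    """Return finding codes for every <security-constraint> in a web.xml."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # strip the Java EE namespace so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    declared = {(r.text or "").strip() for r in root.findall("security-role/role-name")}
    deny_rest = root.find("deny-uncovered-http-methods") is not None  # Servlet 3.1
    found = []
    for sc in root.findall("security-constraint"):
        for coll in sc.findall("web-resource-collection"):
            listed = coll.findall("http-method") + coll.findall("http-method-omission")
            if listed and not deny_rest:  # verbs not covered stay open to everyone
                found.append("UNCOVERED_METHODS")
            pats = [(p.text or "").strip() for p in coll.findall("url-pattern")]
            found += ["BAD_URL_PATTERN:" + p for p in pats if p and not p.startswith(("/", "*."))]
        roles = [(r.text or "").strip() for r in sc.findall("auth-constraint/role-name")]
        # Role names are case-sensitive; "*" and "**" are wildcards, not declared roles.
        found += ["UNDECLARED_ROLE:" + r for r in roles if r not in declared | {"*", "**"}]
        tg = sc.findtext("user-data-constraint/transport-guarantee", "NONE").strip()
        if tg not in ("CONFIDENTIAL", "INTEGRAL"):
            found.append("NO_TLS_REQUIRED")
    return found
```

Calling audit_web_xml(WEAK) returns four findings and audit_web_xml(CORRECTED) returns an empty list.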
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39578
    
  27
shivam singhal wrote: DIGEST :: it's an upgraded version of BASIC, still not much use

Since I'm not sure what you mean by "not much use", I want to clarify that DIGEST employs strong cryptography - from that point of view it is much better than, for example, FORM based auth - which provides no encryption unless it's used in conjunction with HTTPS. The unfortunate truth about DIGEST is that there are still browser/server combinations that do not support it, although they're becoming rare these days.
shivam singhal
Ranch Hand

Joined: Jul 15, 2012
Posts: 194

oks..

thanks ulf..
 