*
The moose likes Servlets and the fly likes How to block all the URL's Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "How to block all the URL Watch "How to block all the URL New topic
Author

How to block all the URL's

Ankur Srivastav
Ranch Hand

Joined: Aug 31, 2009
Posts: 57

I have the following web.xml

--

<servlet-mapping>
<servlet-name>MainServlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>

<security-constraint>
<web-resource-collection>
<web-resource-name>Book</web-resource-name>
<url-pattern>/</url-pattern>
<!-- <http-method>GET</http-method> -->
</web-resource-collection>
<auth-constraint>
<role-name>AppAdmin</role-name>
<role-name>HRAdmin</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/WEB-INF/jsp/formlogin.jsp</form-login-page>
<form-error-page>/WEB-INF/jsp/formerror.jsp</form-error-page>
</form-login-config>
</login-config>

What I am trying to do is for any URL request to this App like http://localhost:8083/servletbookapp/ the user should get authenticated. But that is not happening unless I specify some specific pattern like
<url-pattern>/test</url-pattern>

Kindly suggest if I should make any changes ...


Sun Certified Java Programmer v 1.4
Oracle Certified Associate, Java SE 7 Programmer
JEE 5 Web Component Developer Certified Professional
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60785
    
  65

This mapping:

<url-pattern>/*</url-pattern>

means that all request are routed to your servlet. All of them. That includes requests for images, stylesheets, script files and the like.

Is that really what you want?


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Ankur Srivastav
Ranch Hand

Joined: Aug 31, 2009
Posts: 57

Yes I am trying a single controller example and want everything routed via that servlet. Problem is it goes to that servlet without authenticating.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60785
    
  65

So your servlet is also going to be responsible for all images, stylesheets and script files?
Ankur Srivastav
Ranch Hand

Joined: Aug 31, 2009
Posts: 57

Yes it will.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60785
    
  65

That's just odd. What's the reasoning?
Ankur Srivastav
Ranch Hand

Joined: Aug 31, 2009
Posts: 57

I am just trying an example.. its not a real use case.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60785
    
  65

I'd think that it would be a better learning exercise if it were a tad more realistic.
 
Consider Paul's rocket mass heater.
 
subject: How to block all the URL's
 
Similar Threads
Adding users and roles
How to configure multiple security-constraint elements in web.xml
Keep having to login with container based authentaction.
security-constraint
How authorization constraint effects authentication?