I have written a HelloWorld servlet; it just returns "Hello World" to the client.
I am deploying this as a .war module.
I want to secure this servlet, i.e. when someone gives the URL to access this servlet, it should ask for a username/password before displaying Hello World. In other words, I want to utilize the Java / J2EE security model of WAS.
The servlet specification provides for a username/password/role scheme that every servlet container must support. The user interface is either a little dialog box in the browser where the user enters username and password, or there can be a custom-designed login page. The latter approach is described here. WebSphere would have a different mechanism of looking up user account information - consult the WebSphere documentation for details. [ September 09, 2006: Message edited by: Ulf Dittmer ]
WebSphere is going to use the same security mechanism as any J2EE compliant application server.
Going about testing security may depend on where you're doing the testing. Testing on the embedded WAS test server is a little different from configuring security on a WAS application server.
My website has an awesome multimedia tutorial on how to turn WAS security on, configure the WebSphere Application Server to use an LDAP server for user authentication, and then deploy an application that uses security constraints to restrict access to Servlets and JSPs, and map the roles associated to the security constraints to users and groups in the LDAP server. It certainly shows you what's involved in configuring WAS 5 and WAS 6.1 security.
Joined: Feb 13, 2003
Would you mind giving us the URL of the website with the multimedia tutorial on WAS security?
1. I have enabled administrator security in WebSphere. When I open the admin page, it asks me for a username/password; it works well.
2. I have written a HelloWorld servlet (deployed in the WebSphere app server) and given the BASIC authentication mechanism in web.xml as follows:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <display-name>Examples</display-name>
  <description> Example servlets </description>
Thanks Guys. I could solve the issues by doing the following:
1. I have given the username/password of my local Administrator in the user repositories.
2. I have enabled the global security.
3. I restarted the server; I could successfully enter my username/password and see the admin page.
4. After this, I deployed the servlet and in the security role I have given "AllAuthenticated" so that anyone who has username and password can enter and see the servlet.
5. This worked out very well. Now, the servlet is secured.
Also, I have noted that the web.xml changes alone are not enough; during the deployment, you also have an option like "mapping the security to roles". I checked the check-box saying "AllAuthenticated" and restarted the application; only then did it work.
Now, the question for me is this: I am automating this process, meaning I am writing a script (jacl/wsadmin) through which I am going to deploy. I want to know which script/command there is to map the users to roles.