aspose file tools*
The moose likes Websphere and the fly likes Declarative security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Websphere
Bookmark "Declarative security" Watch "Declarative security" New topic
Author

Declarative security

PradeepPillai Pradeep
Ranch Hand

Joined: Nov 15, 2005
Posts: 184
I was trying to secure one servlet and I have a login.jsp for collecting the user name and password from the user. I made the changes in the web.xml and I don�t know how to create users on the server (test server, if possible thru WSAD5.1) and turn the security on. I am posting the relevant portion of my web.xml. Somebody please help.
Thanks in advance.


- <security-constraint>
<display-name>constraintSSL</display-name>
- <web-resource-collection>
<web-resource-name>login page resource</web-resource-name>
<description />
<url-pattern>/login.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
- <auth-constraint>
<description />
<role-name>everyone</role-name>
</auth-constraint>
- <user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
- <security-constraint>
<display-name>non SSL constraint</display-name>
- <web-resource-collection>
<web-resource-name>secured servlet resource</web-resource-name>
<description />
<url-pattern>/MemberS</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
- <auth-constraint>
<description />
<role-name>authenticated_user</role-name>
</auth-constraint>
- <user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
- <login-config>
<auth-method>FORM</auth-method>
- <form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginError.html</form-error-page>
</form-login-config>
</login-config>
- <security-role>
<description />
<role-name>everyone</role-name>
</security-role>
- <security-role>
<description />
<role-name>authenticated_user</role-name>
</security-role>
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42599
    
  65
The process of creating users, and of connecting them to roles is not standardized. You'll have to consult the documentation of your servlet container for this.


Ping & DNS - my free Android networking tools app
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
In case of Tomcat , releams take care of the actual authentication.The default is memory relam .For this the username , password , roles are stored in tomcat-user.xml located under /conf directory.Modify the xml to create users.


Rahul Bhattacharjee
LinkedIn - Blog
PradeepPillai Pradeep
Ranch Hand

Joined: Nov 15, 2005
Posts: 184
I have the roles mapped in the application.xml. But I am not suere how to create users and assign roles. Any help is appreciated. My application.xml is given below.

- <security-role id="SecurityRole_1166034718687">
<description />
<role-name>everyone</role-name>
</security-role>
- <security-role id="SecurityRole_1166034736145">
<description />
<role-name>authenticated_user</role-name>
</security-role>
PradeepPillai Pradeep
Ranch Hand

Joined: Nov 15, 2005
Posts: 184
Thank you for all the reply. Just one clarification, this is webspere server I am talking about. Anyone who knows how to create users and assign roles could get in, that would be greately appreciated.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42599
    
  65
As this question is really about how to set up WebSphere, I'll transfer it over to the WebSphere forum.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Declarative security