wood burning stoves 2.0*
The moose likes Tomcat and the fly likes Creating Form Based Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Creating Form Based Security" Watch "Creating Form Based Security" New topic
Author

Creating Form Based Security

Eric Bic
Greenhorn

Joined: Apr 12, 2004
Posts: 7
Hi, im having trouble making my login page to work, my directory looks as following (Im using Tomcat by the way so everything is in the webapps directory):
Test/index.jsp
login.html
loginerror.html
Manager.html
User.html
Test/WEB-INF/web.xml
in the index page i ask a user to go to the Manager.html or User.html,
ive specified seciruty constraints for the manager in the web.xml file, so i was expecting to be redirected to the login page when trying to access the manager.html but it just goes straight to the Manager.html without asking for login, my web.xml looks as following:
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<display-name>LoginForm</display-name>
<description>An application that makes use of a user-defined login form
</description>
<security-constraint>
<web-resource-collection>
<web-resource-name>Manager</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<description>SSL not required</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
<auth-constraint>
<description>Let only managers use this app</description>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>The role of manager is one that can use our application.
</description>
<role-name>manager</role-name>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/LoginForm.html</form-login-page>
<form-error-page>/LoginError.html</form-error-page>
</form-login-config>
</login-config>
</web-app>
is there something ive missed, some jar? i dont know im new to this, i would really apprecieate some help
Eric
Dirk Schreckmann
Sheriff

Joined: Dec 10, 2001
Posts: 7023
Eric,
Welcome to JavaRanch!
We ain't got many rules 'round these parts, but we do got one. Please change your display name to comply with The JavaRanch Naming Policy.
Thanks Pardner! Hope to see you 'round the Ranch!


[How To Ask Good Questions] [JavaRanch FAQ Wiki] [JavaRanch Radio]
Eric Bic
Greenhorn

Joined: Apr 12, 2004
Posts: 7
someone? anyone? its a really simple questiong
 
jQuery in Action, 2nd edition
 
subject: Creating Form Based Security
 
Similar Threads
<user-data-constraint> working example
Doubt on authentication
Form-based Security
HTTP Status 403 Access to the requested resource has been denied
How to secure my page