Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
The moose likes Tomcat and the fly likes security.xml file Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "security.xml file" Watch "security.xml file" New topic
Author

security.xml file

Vanchi Nathan
Ranch Hand

Joined: Feb 24, 2004
Posts: 107
Is there a xml file called "security.xml" that can be define to do security for an web application?
If so, where can i find the details of those elements that can be used in the security.xml file?
thanks in advance
vanchin


Best regards,<br /> <br />vanchin
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12760
    
    5
Are you talking about security in terms of what an application is allowed to do, or in terms of what an individual user is allowed to do?
You might look at http://jakarta.apache.org/tomcat/tomcat-4.1-doc/index.html this tomcat documentation for several security related topics and the implementation in Tomcat.
Bill
Vanchi Nathan
Ranch Hand

Joined: Feb 24, 2004
Posts: 107
Hello,
Actually, I got a webapplication (war file); in it there is a "security.xml" file in 'WEB-INF' folder. The xml file contains the following contents...i don't know whether this configuration is correct... the "security.xml" contents is as follows:
-----------------
<security>
<security-bypass>
<url-pattern>/do/login</url-pattern>
<url-pattern>/do/notAuthorized</url-pattern>
</security-bypass>
<security-constraint>
<display-name>XPlanner View Constraints</display-name>
<web-resource-collection>
<web-resource-name>XPlanner Viewing</web-resource-name>
<url-pattern>/do/view/*</url-pattern>
<url-pattern>/do/export/*</url-pattern>
<url-pattern>/do/edit/person</url-pattern>
<url-pattern>/index.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>viewer</role-name>
<role-name>editor</role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>XPlanner Edit Constraints</display-name>
<web-resource-collection>
<web-resource-name>XPlanner Editing</web-resource-name>
<url-pattern>/do/edit/*</url-pattern>
<url-pattern>/do/delete/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>editor</role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>editor</role-name>
</security-role>
<security-role>
<role-name>viewer</role-name>
</security-role>
<security-role>
<role-name>admin</role-name>
</security-role>
</security>
---------------
So, pl. help me to understand usage of this file...
thanks
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: security.xml file
 
Similar Threads
Struts 2 convertion type
Write file under /WEB-INF
I NEED HELP PLEASE - Add Signer Cert to WebSphere Server 7
Web Module null has been bound to default_host
struts, WAS and security.xml