aspose file tools*
The moose likes Tomcat and the fly likes Problem implementing Security-Constraint in tomcat 5.0.28 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Problem implementing Security-Constraint in tomcat 5.0.28" Watch "Problem implementing Security-Constraint in tomcat 5.0.28" New topic
Author

Problem implementing Security-Constraint in tomcat 5.0.28

Sushma Sharma
Ranch Hand

Joined: Jun 02, 2005
Posts: 139
Hi,

I am trying to constrain access to a file jstlChoose.do, which is a jsp and I have mapped it to jstlChoose.do in web.xml.
As per what I have read, <security-constraint> element in web.xml does this job. I did the following in my web.xml

-----------------------------------------------------------------
<security-constraint>
<web-resource-collection>
<web-resource-name>JSTL Choose</web-resource-name>
<url-patterns>/jstlChoose.do</url-patterns>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
</login-config>

<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>manager</role-name>
</security-role>
<security-role>
<role-name>guest</role-name>
</security-role>
--------------------------------------------------------------

I have added admin and manager roles in tomcat-users.xml. Now, if I understand correctly only admin and manager are allowed to call GET method on this jstlChoose.do. but when I try to access this file using

http://localhost:8080/TestJSP/jstlChoose.do

instead of getting the authentication screen, I am able to see the result.
Am I doing something wrong? Do I have to set some variable to a user role first and then try accessing this file? I am really confused...
Any help is welcome,

Regards,

Sushma
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Problem implementing Security-Constraint in tomcat 5.0.28