Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Problem implementing Security-Constraint in tomcat 5.0.28

 
Sushma Sharma
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am trying to constrain access to a file jstlChoose.do, which is a jsp and I have mapped it to jstlChoose.do in web.xml.
As per what I have read, <security-constraint> element in web.xml does this job. I did the following in my web.xml

-----------------------------------------------------------------
<security-constraint>
<web-resource-collection>
<web-resource-name>JSTL Choose</web-resource-name>
<url-patterns>/jstlChoose.do</url-patterns>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
</login-config>

<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>manager</role-name>
</security-role>
<security-role>
<role-name>guest</role-name>
</security-role>
--------------------------------------------------------------

I have added admin and manager roles in tomcat-users.xml. Now, if I understand correctly only admin and manager are allowed to call GET method on this jstlChoose.do. but when I try to access this file using

http://localhost:8080/TestJSP/jstlChoose.do

instead of getting the authentication screen, I am able to see the result.
Am I doing something wrong? Do I have to set some variable to a user role first and then try accessing this file? I am really confused...
Any help is welcome,

Regards,

Sushma
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic