huy nguyen

Greenhorn
since Mar 13, 2004

Recent posts by huy nguyen

Hi Srinivasa,

You can protect all your JSP resources in the following way:
- In your Application Deployment Descriptor (application.xml), define one role used for access to your JSPs (e.g. JSP_ACCESS) without assigning it to any group or user.
- Then in your Web Deployment Descriptor, add a security constraint to the JSP_ACCESS role by putting in these lines:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>JSP Resource</web-resource-name>
        <description></description>
        <url-pattern>/jsp/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>PUT</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description></description>
        <role-name>JSP_ACCESS</role-name>
    </auth-constraint>
</security-constraint>

Here /jsp/* means you want to protect all the files in the jsp folder (under Web Content).
If you keep more JSP resources in another folder, you can add more patterns:

<url-pattern>/pages/*</url-pattern>

That's all you need to protect your JSPs from direct access.

Good luck !
Huy

Originally posted by Srinivasa Kakumanu:
In our project we are using Struts 1.1. So far we didn't have any security implemented. Trying to implement J2EE security using Form Based authentication and Custom User Registry for authorization. I have been able to configure the CUR in WAS 5.1 server configuration. I see that when I try to login I see the CUR is authenticating it. Here is the issue I am having .....

When I try to go to http://localhost:9080/web, I see my home page displayed which is welcome screen that is shown after a user is logged in. All our jsps are not under WEB-INF.

- I have defined in web.xml in welcome-file list as /general/home .... this is the home page tile.
- The login configuration:

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>welcome.jsp</form-login-page>
        <form-error-page>/general/errorpage.jsp</form-error-page>
    </form-login-config>
</login-config>

welcome.jsp has a simple statement that redirects to welcome.do, which forwards to the index page tile, i.e. my login page.

But what I don't understand is why the home page is displayed without being first redirected to my index tile. All the roles are defined in web.xml and groups are defined in ejb.xml. Can someone shed some light here, and direct me to some website that shows step by step how to implement J2EE security with Struts and tiles?



[ November 03, 2004: Message edited by: huy nguyen ]
[ November 03, 2004: Message edited by: huy nguyen ]
19 years ago
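
An added check, not part of the original posts: under the Servlet specification, a web-resource-collection that lists http-method elements constrains only the listed methods, so it is worth auditing which methods a descriptor leaves outside any auth-constraint. The sample descriptor is constructed from the constraint in the post above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the post above, wrapped in <web-app>.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>JSP Resource</web-resource-name>
      <url-pattern>/jsp/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>PUT</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>JSP_ACCESS</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

def local(tag):
    """Drop an XML namespace prefix such as {http://java.sun.com/xml/ns/j2ee}."""
    return tag.rsplit("}", 1)[-1]

def matches(pattern, path):
    """Servlet url-pattern matching: path prefix, extension, default or exact."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == "/" or pattern == path

def unconstrained_methods(web_xml, path):
    """Return the HTTP methods for `path` that no auth-constraint covers."""
    covered = set()
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        if not any(local(c.tag) == "auth-constraint" for c in sc):
            continue  # no auth-constraint: this element does not restrict access
        for wrc in (c for c in sc if local(c.tag) == "web-resource-collection"):
            patterns = [c.text.strip() for c in wrc if local(c.tag) == "url-pattern"]
            listed = {c.text.strip().upper() for c in wrc if local(c.tag) == "http-method"}
            if any(matches(p, path) for p in patterns):
                # No <http-method> children: the constraint applies to every method.
                covered |= listed or METHODS
    return METHODS - covered

if __name__ == "__main__":
    print(sorted(unconstrained_methods(WEB_XML, "/jsp/home.jsp")))
```

Running the same check on the descriptor with its http-method lines removed reports no uncovered methods for /jsp/home.jsp.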
OK Chad !
The first problem can be solved as follows:
- When going back to previous pages, link to some Action that maps to the page's path (also its ActionForm). Call the method reset(...) of ActionForm. Then the value will be reset. You can also call your own function to clear it.
The second:
- OK, you can use the way some replies posted, by caching...
One way you can do it is to store the information of the pages in some variables when submitting. Then when you forward to it again, it will display your old value.
If you still fail with your code, please contact me at: huynt@fsoft.com.vn
Good luck !
HuyNT
20 years ago
Hi all,
I've implemented a custom user registry using JDBC to connect to a user table in an Oracle database. However, I still failed to get it up. It always crashed after calling the method public WSCredential createCredential(String pattern) (I let it return null as recommended).
When configuring WAS using Custom Registry, the default class is FileRegistrySample (it exists in the default package: wssec.jar), and it runs properly. But when I get the source file FileRegistrySample.java from the IBM site, compile it to a class under the new name HuyRegistry, and put it in the lib of WAS, it does not run and throws errors at the above method (createCredential) (I put System.out inside this method). Some errors like:
[3/13/04 17:03:01:797 GMT+07:00] 648c961d SystemOut O #####GET REALM:customRealm
[3/13/04 17:03:01:797 GMT+07:00] 648c961d UserRegistryI A SECJ0136I: Custom Registry:com.ibm.websphere.security.HuyRegistry has been initialized
[3/13/04 17:03:02:250 GMT+07:00] 648c961d SystemOut O #######Check PASS:huynt FOR USER:huynt
[3/13/04 17:03:02:250 GMT+07:00] 648c961d SystemOut O ##Create ....
[3/13/04 17:03:02:312 GMT+07:00] 648c961d Authenticatio E SECJ4001E: Login failed for huynt/<null> javax.security.auth.login.LoginException: e.getMessage()
at com.ibm.ws.security.server.lm.swamLoginModule.login(swamLoginModule.java:237)
at com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy.login(WSLoginModuleProxy.java:119)
at java.lang.reflect.Method.invoke(Native Method)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:607)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:124)
at javax.security.auth.login.LoginContext$3.run(LoginContext.java:543)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:540)
at javax.security.auth.login.LoginContext.login(LoginContext.java:450)
at com.ibm.ws.security.server.util.AuthenticationCache.login(AuthenticationCache.java:308)
at com.ibm.ws.security.server.util.AuthenticationCache.update(AuthenticationCache.jav
.............
Please help me!
Well, if someone has implemented UserRegistry, please inform me, or send me source about this.
Thanks a lot,
Waiting for reply...
HuyNT
20 years ago