Win a copy of Spring Boot in Practice this week in the Spring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Liutauras Vilda
  • Henry Wong
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Al Hobbs
  • Carey Brown
Bartenders:
  • Piet Souris
  • Mikalai Zaikin
  • Himai Minh

login-config question

 
Ranch Hand
Posts: 365
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Question from JWeb:
Jweb says the coreect answers are 1, 2 + 3.
I answered 2, 3 + 4.
Didn't think 2 was right--form-login without form security sepcified. thought 4 was right because container would use default form-login page. Can someone please explain this to me?
thanks,
max

Which of the following XML frgaments correctly define the login-config element of web.xml?
1.
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>test</realm-name>
</login-config>
2.
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>test</realm-name>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/error.jsp</form-error-page>
</form-login-config>
</login-config>

3.
<login-config>
<auth-method>FORM</auth-method>
<realm-name>test</realm-name>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/error.jsp</form-error-page>
</form-login-config>
</login-config>
4.
<login-config>
<auth-method>FORM</auth-method>
<realm-name>test</realm-name>
</login-config>
5.
<login-config>
<auth-method>SECURE</auth-method>
<realm-name>test</realm-name>
</login-config>
 
Ranch Hand
Posts: 224
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I tried case 4. I did not seen any default form came out. How do you know there is default one for the form method.
 
Desperado
Posts: 3226
5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
For number 4 to be correct, you'd have to specify the login and login-error pages, right?
As in (from Tomcat 4):
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/security/login/login.jsp</form-login-page>
<form-error-page>/jsp/security/login/error.jsp</form-error-page>
</form-login-config>
</login-config>
 
Ranch Hand
Posts: 96
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello Max,
I quoted element definition from Servlet Specification 2.3.We can
see the subelement "form-login-config" is optional.So I think the answer is:1,2,3,4;
But,in Servlet Specification 2.3,I can not find the statement that the container will use default login page and error page if
we do not provide the definition of form-login-config.
In fact,Tomcat 4.0 has an example in /jsp/security/protected/*.If
I deleted the subelement "form-login-config" from examples/WEB-INF/web.xml,I found that I can not run http://localhost:8080/examples/jsp/security/protected/index.jsp.
So I think the answer maybe only 2,3.
What is the correct answer?Please help.
<!ELEMENT login-config (auth-method?, realm-name?, form-login-config?)>
<!ELEMENT form-login-config (form-login-page, form-error-page)>
ruijin yang
 
Ranch Hand
Posts: 321
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Max,
I think 1 is a right option as the <form-login-config> element is a must only if the type of authentication mechanism is FORM,
in case it is CLIENT_CERT it becomes an optional element!!! therefore 1,2 and 3 r the right choice
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic