
Declarative security in web.xml?? is this secure??

 
Paul Yen
Greenhorn
Posts: 19
Recently, I was doing the example in chapter 9 of the SCWCD Exam Study Kit book. I tried to put security requirements in web.xml and run the program. Only the first time did it run with exactly the same result as the book. If I tried to refresh and run again, it told me that "Access to the requested resource has been denied". It works properly again only if I shut down the server and turn it on again. I use Java TM Web Services Developer Pack 1.3. Therefore I am so confused about this; is this a secure way to protect the servlet??
Below is my code for web.xml and the HTML page.
XML:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <servlet>
    <servlet-name>SecureServlet</servlet-name>
    <servlet-class>SecureServlet</servlet-class>
  </servlet>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>declarative security test</web-resource-name>
      <url-pattern>/servlet/SecureServlet</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>supervisor</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/formlogin.html</form-login-page>
      <form-error-page>/formerror.html</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <role-name>supervisor</role-name>
  </security-role>
</web-app>
HTML:
<form method="POST" action="servlet/SecureServlet">
  <input type="text" name="username">
  <input type="submit" value="OK">
</form>
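Editor's added example, not part of the original post and not code from the book: a small Python check that reads a DTD-style (no XML namespace) web.xml like the one above and reports what the declarative constraint does and does not cover. The function name, finding codes and the embedded sample are assumptions made for illustration; it does not diagnose the "access denied on refresh" symptom.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the security elements of the web.xml posted above.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>declarative security test</web-resource-name>
      <url-pattern>/servlet/SecureServlet</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>supervisor</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
  <security-role><role-name>supervisor</role-name></security-role>
</web-app>"""

def _texts(node, path):
    return [(e.text or "").strip() for e in node.findall(path)]

def audit_web_xml(xml_text):
    """Return (code, detail) findings for a DTD-style (no namespace) web.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    declared = set(_texts(root, "security-role/role-name"))
    auth = (_texts(root, "login-config/auth-method") or [""])[0]
    for sc in root.findall("security-constraint"):
        for coll in sc.findall("web-resource-collection"):
            methods = _texts(coll, "http-method")
            # Listing <http-method> limits the constraint to those methods;
            # other methods on the same URL pattern stay unconstrained.
            if methods:
                urls = ",".join(_texts(coll, "url-pattern"))
                findings.append(("METHOD_SUBSET", f"{urls}: only {methods}"))
        # Roles named in <auth-constraint> should be declared in <security-role>.
        for role in _texts(sc, "auth-constraint/role-name"):
            if role != "*" and role not in declared:
                findings.append(("UNDECLARED_ROLE", role))
        # NONE means the container does not require TLS, so FORM or BASIC
        # credentials can cross the network in cleartext.
        tg = (_texts(sc, "user-data-constraint/transport-guarantee") or ["NONE"])[0]
        if tg == "NONE" and auth in ("FORM", "BASIC"):
            findings.append(("CLEARTEXT_LOGIN", f"{auth} with transport-guarantee NONE"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_web_xml(WEB_XML):
        print(code, "-", detail)
```

Removing the `<http-method>` element (so the constraint applies to every method) and setting `<transport-guarantee>` to `CONFIDENTIAL` clears both findings reported for the posted descriptor.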
 
Ivan Matmati
Ranch Hand
Posts: 41
What do you mean by "work properly"? What does not work in the other case?
 