
Declarative security in web.xml?? is this secure??

 
Paul Yen
Greenhorn
Posts: 19
Recently, I was doing the example in chapter 9 of the SCWCD Exam Study Kit book. I tried to put security requirements in web.xml and run the program. Only the first time did it give exactly the same result as the book. If I tried to refresh and run again, it told me that "Access to the requested resource has been denied". It works properly again only if I shut down the server and turn it on again. I use Java TM Web Services Developer Pack 1.3. Therefore I am so confused about this; is this a secure way to protect the servlet??
Below is my code for web.xml and the HTML page.
XML:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <servlet>
    <servlet-name>SecureServlet</servlet-name>
    <servlet-class>SecureServlet</servlet-class>
  </servlet>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>declarative security test</web-resource-name>
      <url-pattern>/servlet/SecureServlet</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>supervisor</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/formlogin.html</form-login-page>
      <form-error-page>/formerror.html</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <role-name>supervisor</role-name>
  </security-role>
</web-app>
HTML:
<form method="POST" action="servlet/SecureServlet">
  <input type="text" name="username">
  <input type="submit" value="OK">
</form>
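
An added example, not part of the original posts: a small Python check run over the security elements of the web.xml above, embedded as a constructed sample. It reports two properties that the Servlet specification gives this descriptor: a constraint that lists `<http-method>` applies only to the listed methods, and a `transport-guarantee` of NONE does not require TLS. The function name and finding codes are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the security elements of the web.xml posted above.
SAMPLE_WEB_XML = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>declarative security test</web-resource-name>
      <url-pattern>/servlet/SecureServlet</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>supervisor</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""


def _texts(parent, name):
    """Text of every descendant <name>, ignoring any XML namespace prefix."""
    return [(e.text or "").strip() for e in parent.iter()
            if e.tag.rsplit("}", 1)[-1] == name]


def audit_web_xml(xml_bytes):
    """Return (code, url_patterns, detail) findings for a web.xml document."""
    root = ET.fromstring(xml_bytes)
    sends_password = bool({"FORM", "BASIC"} & set(_texts(root, "auth-method")))
    findings = []
    for sc in root.iter():
        if sc.tag.rsplit("}", 1)[-1] != "security-constraint":
            continue
        urls = tuple(_texts(sc, "url-pattern"))
        methods = _texts(sc, "http-method")
        if methods and _texts(sc, "role-name"):
            # A constraint that names methods applies to those methods only.
            findings.append(("METHOD_LIMITED", urls,
                             "roles enforced only for " + ",".join(methods)))
        if sends_password and "CONFIDENTIAL" not in _texts(sc, "transport-guarantee"):
            # NONE (or no user-data-constraint) means TLS is not required.
            findings.append(("NO_TLS_REQUIRED", urls,
                             "login credentials may cross the network in clear"))
    return findings


if __name__ == "__main__":
    for finding in audit_web_xml(SAMPLE_WEB_XML):
        print(finding)
```

Removing the `<http-method>` element and setting the guarantee to CONFIDENTIAL in the sample clears both findings.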
 
Ivan Matmati
Ranch Hand
Posts: 41
What do you mean by "work properly"? What does not work in the other case?
 