[Logo]
Forums Register Login
Security Problem
I am trying out the some examples on security chapter in HFSJ:

What has to given in the <url-pattern> of the <security-constraint>?
My web appln folder structure:


In the <url-pattern>, I have given <url-pattern>/SCWCD/*</url-pattern>..sso all the resources are constrained.. whether it is correct or we have to use the url-pattern in the servlet mapping thing here?

I am not getting the alert for user name and password, although I have used <login-auth>BASIC</login-auth>.. why..?

Below is my coding:

tomcat-users.xml


web.xml


Whether by using <login-auth>BASIC</login-auth> will automatically asks for username and password, if we are trying to call the contrainted resources.. I given all the resources under SCWCD to be constrainted..but still I din't get the alert for user name and passwrd ..what will be problem..?
The element is named "security-constraint", not "security-constraints" - there is an extra "s" at the end.
I have changed the security-constraints to security-constraint.. but still it's not working. and why at deploy time it doesn't show the error in the web.xml?
any help regaring this post..?
Is SCWCD your context root?

I think you dont have to include it in the url pattern.

Try /* instead of /SCWCD/*
Do you have any resource mapped to the URL pattern "/SCWCD/*"? If yes, it should be secured. I think you aim to secure all resources in the webapp. If yes, I think you should be using "/* " instead as suggested earlier.
Thanks Jesus Angeles,Satya Maheshwari.. Now it's working...

But if I want to constraint the particular resource (JSP/Servlet)..how can I do it?
Whether it will be like this: (for particular servlet)
/SCWCD/WEB-INF/classes/com/example/web/SampleServlet.java

(for all servlets)
/SCWCD/WEB-INF/classes/com/example/web/*

I have tried Just now the following: I have the jsp for the application form filling:

I want to constraint this JSP.. which at web-apps\SCWCD\ApplnForm.jsp

I have given the url-pattern as /SCWCD/*, whether it is correct?

And also whether we can constraint any files JSP/HTML/JAVA/XML.. or we can constraint only servlets.. because it's associate with http methods?
[ January 16, 2007: Message edited by: Micheal John ]
An unsolicited advice: if you havent completed the head first book, continue it first. Some of the issues you are having would be answered as you read the book.

This thread has been viewed 765 times.

All times above are in ranch (not your local) time.
The current ranch time is
Sep 25, 2018 08:49:52.