Forums Register Login
Security Problem
I am trying out the some examples on security chapter in HFSJ:

What has to given in the <url-pattern> of the <security-constraint>?
My web appln folder structure:

In the <url-pattern>, I have given <url-pattern>/SCWCD/*</url-pattern>..sso all the resources are constrained.. whether it is correct or we have to use the url-pattern in the servlet mapping thing here?

I am not getting the alert for user name and password, although I have used <login-auth>BASIC</login-auth>.. why..?

Below is my coding:



Whether by using <login-auth>BASIC</login-auth> will automatically asks for username and password, if we are trying to call the contrainted resources.. I given all the resources under SCWCD to be constrainted..but still I din't get the alert for user name and passwrd ..what will be problem..?
The element is named "security-constraint", not "security-constraints" - there is an extra "s" at the end.
I have changed the security-constraints to security-constraint.. but still it's not working. and why at deploy time it doesn't show the error in the web.xml?
any help regaring this post..?
Is SCWCD your context root?

I think you dont have to include it in the url pattern.

Try /* instead of /SCWCD/*
Do you have any resource mapped to the URL pattern "/SCWCD/*"? If yes, it should be secured. I think you aim to secure all resources in the webapp. If yes, I think you should be using "/* " instead as suggested earlier.
Thanks Jesus Angeles,Satya Maheshwari.. Now it's working...

But if I want to constraint the particular resource (JSP/Servlet)..how can I do it?
Whether it will be like this: (for particular servlet)

(for all servlets)

I have tried Just now the following: I have the jsp for the application form filling:

I want to constraint this JSP.. which at web-apps\SCWCD\ApplnForm.jsp

I have given the url-pattern as /SCWCD/*, whether it is correct?

And also whether we can constraint any files JSP/HTML/JAVA/XML.. or we can constraint only servlets.. because it's associate with http methods?
[ January 16, 2007: Message edited by: Micheal John ]
An unsolicited advice: if you havent completed the head first book, continue it first. Some of the issues you are having would be answered as you read the book.
A "dutch baby" is not a baby. But this tiny ad is baby sized:
RavenDB is an Open Source NoSQL Database that’s fully transactional (ACID) across your database

This thread has been viewed 814 times.

All times above are in ranch (not your local) time.
The current ranch time is
Mar 25, 2019 11:53:16.