
security related web.xml elements - small tips

 
Joe Harry
Ranch Hand
Hi guys,

Here's a simple way to remember the 3 big elements of the web.xml related to security,

<security-constraint>
1) It identifies what resource we are securing...<web-resource-collection>
2) What roles can access the resource...<auth-constraint>
3) How the resource is to be transmitted across the network...<user-data-constraint>

<login-config>
1) It defines what authentication mechanism is to be used...<auth-method>

<security-role>
1) It catalogs any security roles in use by the web application...<role-name>

Hope this helps for newbies!
[ April 13, 2007: Message edited by: Jothi Shankar Kumar Sankararaj ]
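
The three elements from the post above, put to work in an added example that is not part of the thread: a constructed web.xml (resource names, URL patterns and roles are made up) and a small checker, with the hypothetical name `audit`, that reports constraints with no `<auth-constraint>`, roles missing from `<security-role>`, constraints with no `<transport-guarantee>` (the child element of `<user-data-constraint>`), and a missing `<auth-method>`.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the thread); names and paths are made up.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin pages</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>auditor</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
  <security-role><role-name>admin</role-name></security-role>
</web-app>"""

def audit(web_xml):
    """Return a list of findings for the security elements of a web.xml string."""
    root = ET.fromstring(web_xml)
    for el in root.iter():  # drop any XML namespace so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    declared = {r.findtext("role-name", "").strip() for r in root.findall("security-role")}
    findings = []
    for sc in root.findall("security-constraint"):
        name = sc.findtext("web-resource-collection/web-resource-name", "?").strip()
        if sc.find("web-resource-collection/url-pattern") is None:
            findings.append(f"{name}: no url-pattern, nothing is secured")
        auth = sc.find("auth-constraint")
        if auth is None:
            findings.append(f"{name}: no auth-constraint, no role is required")
        roles = [] if auth is None else [(r.text or "").strip() for r in auth.findall("role-name")]
        # "*" is the descriptor's shorthand for every declared role
        findings += [f"{name}: role '{r}' not declared in security-role" for r in roles if r not in declared | {"*"}]
        if sc.findtext("user-data-constraint/transport-guarantee", "NONE").strip() == "NONE":
            findings.append(f"{name}: no transport guarantee")
    if root.findtext("login-config/auth-method") is None:
        findings.append("login-config: no auth-method")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_WEB_XML)))
```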
 
Joe Harry
Ranch Hand
The reason I posted this is that I have never worked with security; it is our deployers who do all this, and many times I found it hard to remember all the sub-elements and so on. Now, after learning it the way shown above, I'm able to remember it always without any error. This will definitely help me in the exam...
 
Neo Phesus
Ranch Hand
Hi Jothi Sankar,

If I am not deviating from the objective of this post, I would like to know: for form-based authentication, how could I authenticate a user against a list of user name and password credentials from the database, without using the Tomcat users XML file?

I am pretty new to this, so there may be lots of loopholes even in my question, or even the question itself is silly.

Thanks for your time.

Regards
[ April 15, 2007: Message edited by: Neo Phesus ]
 
Christophe Verré
Sheriff
You will have to refer to the documentation of your container.
The following wiki gives you links to the relevant pages:
http://jspwiki.org/wiki/TomcatAuthentication
 
Ulf Dittmer
Rancher
Neo,

What you're looking for is either a JDBCRealm or a DataSourceRealm. (Note that the page Satou linked to talks about JspWiki integration with Tomcat, so there's some stuff that wouldn't apply to your web app.)

The Tomcat FAQ has a section on container-based authentication.
[ April 15, 2007: Message edited by: Ulf Dittmer ]
 
Christophe Verré
Sheriff
"Note that the page Satou linked to talks about JspWiki integration with Tomcat, so there's some stuff that wouldn't apply to your web app."

True. I was only pointing to the links on that page. I paste them here for clarification (which I should have done in the first post):
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/realm.html
 
Neo Phesus
Ranch Hand
Thank you Ulf and Satou

Man, I love this forum
 