• Post Reply Bookmark Topic Watch Topic
  • New Topic

Basic Security  RSS feed

 
java Prog
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I would like to incorporate basic security in my web application, I am using tomcat 4, mySql.
I have a html form which takes a username and password and passes this to a servlet, which then checks this against my database If the information is correct the user is taken to the logged in html page. This is all well and good, but the user is able to access my logged in html page by typing its url in directly. How can I protect individual files/servlet/directorys etc using what I have done so far?
 
Matthew Phillips
Ranch Hand
Posts: 2676
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
java Prog,
Javaranch has a naming policy which is strictly enforced. If you would like to continue posting here please change your display name to one that complies.
 
Mike Curwen
Ranch Hand
Posts: 3695
IntelliJ IDE Java Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This gives a basic overview of J2EE security on the web tier.

http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Security4.html#67530

Even though this talks about servlets running in a full-blown App Server, most of this stuff is available to you in a plain Servlet container.

If you use Tomcat, there is an example that provides you with the web.xml setting you would need to use (around line 196)

Also look at the Realm configuration guide so you can make Tomcat use your existing database:
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/realm.html

And more details about using container-managed security here:
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/realm-howto.html
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!