Securing Application

 
Ravinder S Edhan
Ranch Hand
Posts: 57
Hi Everybody,

I'm trying to secure my application using the username/password method.

For this I'm reading HF JSP & Servlet. As per the book, I made the following changes to the tomcat-user.xml & web.xml files. But still my application is not asking for the username/password. It's directly opening the index.htm file. I also restarted the server after making the changes.

tomcat-user.xml
<role rolename = "Guest" />
<user username = "guest" password = "guest" roles = "Guest" />


web.xml
<security-role>
<role-name>Guest</role-name>
</security-role>

<login-config>
<auth-method>BASIC</auth-method>
</login-config>

Please help.

Also, does anyone have an idea about Weblogic server? In which (vendor) file(s) do we have to specify the username/password/role(s)?

Cheers
Ravinder
 
Thomas Mcfarrow
Ranch Hand
Posts: 137
I believe you are missing the security-constraint too.....

Example (this is in web.xml)


Regards
[ May 12, 2005: Message edited by: Thomas Mcfarrow ]
 
Ravinder S Edhan
Ranch Hand
Posts: 57
Hi Thomas,

I had placed the security-constraint too. But still in vain.
While browsing for the same, I came across that we have to configure server.xml also. I made relevant changes ... but no results.
At present the following is the server.xml file:

<Server port="8005" shutdown="SHUTDOWN" debug="0">
  <Service name="Catalina">
    <Connector
        port="8080" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
        enableLookups="false" redirectPort="8443" acceptCount="100"
        debug="0" connectionTimeout="20000"
        disableUploadTimeout="true" />
    <Connector port="8009"
        enableLookups="false" redirectPort="8443" debug="0"
        protocol="AJP/1.3" />
    <Engine name="Catalina" defaultHost="localhost" debug="0">
      <Logger className="org.apache.catalina.logger.FileLogger"
          prefix="catalina_log." suffix=".txt"
          timestamp="true"/>
      <Realm className="org.apache.catalina.realm.MemoryRealm" />
      <Host name="localhost" debug="0" appBase="webapps"
          unpackWARs="true" autoDeploy="true">
        <Logger className="org.apache.catalina.logger.FileLogger"
            directory="logs" prefix="localhost_log." suffix=".txt"
            timestamp="true"/>
      </Host>
    </Engine>
  </Service>
</Server>

Cheers
Ravinder
 
Ravinder S Edhan
Ranch Hand
Posts: 57
Hi Guys...

I succeeded in getting the username and password window (default - Basic Authentication). The problem was that I had not properly placed the <security-constraint>, <login-config> and <security-role>. You have to specify the tags in the proper sequence. The above specified sequence is the correct one.

It worked for both Tomcat and Weblogic servers. Now the problem I'm facing is that in Weblogic I don't know in which xml file I have to specify the "username/password". Like in Tomcat, the file is "tomcat-users.xml" under the "config" folder. If anybody knows, please help.

cheers
Ravinder
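
The element sequence discussed in this thread, as an added example that is not part of any post here: a web.xml fragment that requires BASIC authentication for the Guest role defined in the first post. The url-pattern, the resource name and the realm name are assumptions chosen for illustration.

```xml
<!-- Fragment of WEB-INF/web.xml. The Servlet 2.3 DTD fixes the order of
     these three elements: security-constraint, login-config, security-role. -->
<web-app>

  <!-- 1. What is protected and who may reach it. Without this element the
       container never challenges for credentials, which matches the
       symptom in the first post (index.htm opens directly). -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Whole application</web-resource-name> <!-- assumed name -->
      <url-pattern>/*</url-pattern>                            <!-- assumed pattern -->
      <!-- No http-method elements: the constraint then applies to every
           HTTP method. Listing only GET and POST would leave the other
           methods unconstrained. -->
    </web-resource-collection>
    <auth-constraint>
      <!-- Must match a role-name declared in security-role below and a
           role granted to the user in the container's user store. -->
      <role-name>Guest</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- 2. How the container asks for credentials. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Example Realm</realm-name> <!-- assumed; shown in the browser prompt -->
  </login-config>

  <!-- 3. Declaration of every role referenced by an auth-constraint. -->
  <security-role>
    <role-name>Guest</role-name>
  </security-role>

</web-app>
```

BASIC authentication sends the password base64-encoded, not encrypted, so the protected paths should be served over HTTPS.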
 
Ravinder S Edhan
Ranch Hand
Posts: 57
Hi ..

Successful in getting username/password - Basic Authentication ...

Following are the steps to do it .... Also the above steps are necessary.

http://e-docs.bea.com/wls/docs81/security/thin_client.html#1033295
Also check http://e-docs.bea.com/wls/docs81/secwlres/usrs_grps.html

Cheers
Ravinder
[ May 16, 2005: Message edited by: Ravinder S Edhan ]
 
John Smith Junk
Greenhorn
Posts: 8
How can I do the BASIC Authentication in WebSphere and WSAD 5.1?

I do know how to put the user/password to which xml config file?

Any help...please ..Thanks....

James
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65833
"John Smith Junk",

There aren't many rules that have been put into place here on the Ranch, but one that we take very seriously regards the use of proper names. Please take a look at the JavaRanch Naming Policy and adjust your display name to match it.

In particular, your display name must be a first and a last name separated by a space character, and must not be obviously fictitious.

Thanks!
bear
Forum Bartender
 
It is sorta covered in the JavaRanch Style Guide.