Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Web.xml security constraints  RSS feed

 
Rohit Dhodapkar
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can we have security contraints applied to a folder in a webapp deplyed on Weblogic app server.
My web app structure is as below

Can I restrict reports folder to allow access only to user belonging to a particular role. Security constraint element which defines this in the web.xml is given below.

<security-constraint>

<web-resource-collection>

<web-resource-name>entireWebSite</web-resource-name>
<description>protects the entire web site.</description>
<url-pattern>/reports/*</url-pattern>
</web-resource-collection>

<auth-constraint>
<role-name>PARS_Giro_Recon_Mngr</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>

</security-constraint>

When I access the page it gives a page not found error.

[BPS: Added ubb code tags to dir structure]
[ September 29, 2006: Message edited by: Ben Souther ]
 
Durgaprasad
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yu cannot.

what you can dois use logical names for your jsp inside the report folder. Yu can do this using "jspfile" child tag in the servlet tag. Use the mactching url-pattern to restrict the access
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Durgaprasad,
Welcome to JavaRanch!

We're pleased to have you here with us in the servlets forum, but there
are a few rules that need to be followed, and one is that proper names are
required. Please take a look at the
JavaRanch Naming Policy and
adjust your display name to match it.

In particular, your display name must be a first and a last name separated by a space character, and must not be obviously fictitious.

You can change it here
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!