This week's book giveaway is in the Agile and Other Processes forum.
We're giving away four copies of The Little Book of Impediments (e-book only) and have Tom Perry on-line!
See this thread for details.
Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Web app security

 
Duran Harris
Ranch Hand
Posts: 608
Eclipse IDE Spring Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

I have configured a role called Master in tomcat-users and I have the following in my web.xml file:



The thing is...nothing seems to be happening...?If I create a form that posts to another page within Duran(the webapp)..the security doesn't work..the POST just goes through.
Even if I explicitly constrain the resource like <url-pattern>/Duran/mypage.html</url-pattern>Or even if I set the url-pattern to /*
Help?
 
Jonathan Elkharrat
Ranch Hand
Posts: 170
Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
maybe a typo in the tomcat-user...

note that role are case sensitive (i think)
 
Duran Harris
Ranch Hand
Posts: 608
Eclipse IDE Spring Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here is the users file:
 
vivek srivastava
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
well, its working for me. could you please check which http method you are using.
if you are trying to fech a page then it will be GET and here in your web.xml there is no constraint for GET.
Try to put <http-method>GET </http-method> and see if it is working or not.
 
Duran Harris
Ranch Hand
Posts: 608
Eclipse IDE Spring Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes you were right....
Get wasn't constrained..Thanks
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic