• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

web security not working as expected,

 
Ranch Hand
Posts: 119
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have written two index.jsp files in /Beer/AddRecipe and /Beer/ReviewRecipe/ folders. And one index.html in the application context. And have done changes to the tomcat-usres.xml

tomcat-users.xml looks like as follows.



Line 3,4,5,6,7 were there previously. All other things I have done.

And the wrote web.xml which looks as follows



But the problem is when I type in http://localhost:8080/testauth1/Beer/AddRecipe/index.jsp or http://localhost:8080/testauth1/Beer/ReviewRecipe/index.jsp it is not doing any authentication or authorization. Is there any thing wrong with my xml files. and Another thing do I have to remove role name in tomcat-users.xml that were there previously.


It works for the first time. But next time it doesn't as for username and password
 
Ranch Hand
Posts: 437
Oracle Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Anil.

You have not made resouce '/Beer/ReviewRecipe/' as constrained. If you made, it will work.

It works for the first time. But next time it doesn't ask for username and password



For the first request, tomcat creates session object and sets the time period of 30 min's(default time period of tomcat) and adds it to the cookie object and sends it to the client. Next time client will communicate to the tomcat via. cookie(JSESSIONID cookie).

For the second request if we want authentication, delete cookie at the browser side and send request.

 
Anil Deshpande
Ranch Hand
Posts: 119
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for the clarification on why it doesn't work for next requests. Another thing , I have written security-constraint in line number 23 to 37. I worked fine.
 
Try 100 things. 2 will work out, but you will never know in advance which 2. This tiny ad might be one:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic