• Post Reply Bookmark Topic Watch Topic
  • New Topic

Problem with security constraints while doing authentication & authorization  RSS feed

 
Ranch Hand
Posts: 142
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi everybody,

I have declared roles in xml files as below, doing authorization (using tomcat).

in tomcat-users.xml



in web.xml (of my application-Jyoti)




It is not working for the described constraints?

What's wrong with this declarations?

If I give url pattern for the directory in "E:\Tomcat6.0\webapps\Jyoti\WEB-INF\classes\web"
as
<url-pattern>/Jyoti/classes/web/*</url-pattern> or <url-pattern>/Jyoti/web/*</url-pattern>

then too it's not working.

Am I doing it in right way?

Wat's wrong? What is the solution instead?


Also will it do authentication as well?

Can anybody please explain?

 
Rancher
Posts: 42975
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

If I give url pattern for the directory in "E:\Tomcat6.0\webapps\Jyoti\WEB-INF\classes\web"
as
<url-pattern>/Jyoti/classes/web/*</url-pattern> or <url-pattern>/Jyoti/web/*</url-pattern>


Nothing that's inside of WEB-INF will be served directly to the client anyway, so there's no point in trying to protect it. (As an aside, neither of the two patterns matches the directory path - you can't just omit random parts of the path.)

<url-pattern>/Control/*</url-pattern>


Try "/Control" instead.
 
Jyoti Vaskar
Ranch Hand
Posts: 142
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:Try "/Control" instead.



I have tried "/Control"

Now it's doing

but still

access is denied for declared users (jyo,nitin,deep etc.)
in tomcat-user file.

wats wrong again ???
 
Jyoti Vaskar
Ranch Hand
Posts: 142
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hi,

is there anybody who can explain what's wrong in this xml declaration???

I have declared <auth-constraint> for only Administrator ("jyo" is Administrator - declared in tomcat-user file).

In my application access is denied for everybody (weather Guest, Member or Administrator or any other user) irrespective of it's role?

Where I'm going wrong??
 
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
everything seems to be correct...
 
Ranch Hand
Posts: 437
Java Oracle
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Jyoti.
I think the problem lies in the tomcat-users.xml file. Remove this and try.

and also in

<?xml version='1.0' encoding='cp1252'?>

I think some browsers don't support this encoding. In that case replace 'encoding' attribute with 'utf-8'.
 
Jyoti Vaskar
Ranch Hand
Posts: 142
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Chinmaya Chowdary wrote:Hi Jyoti.
I think the problem lies in the tomcat-users.xml file. Remove this and try.

and also in

<?xml version='1.0' encoding='cp1252'?>

I think some browsers don't support this encoding. In that case replace 'encoding' attribute with 'utf-8'.



thank you Chinmay.

I'll try it .
 
This parrot is no more. It has ceased to be. Now it's a tiny ad:
ScroogeXHTML 7.1 - RTF to HTML5 / XHTML converter
https://coderanch.com/t/690611/ScroogeXHTML-RTF-HTML-XHTML-converter
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!