How to add authentication on my jsp page

 
paul alvin
Greenhorn
I am building a web application that has admin users and non-admin users... Now in my main page I have a design that I also want to be the design for the non-admin users. For example, if I have a view JSP page with an edit and a delete button if you are an admin user, I don't want these buttons to appear if you don't have the admin role... How do I do this? Thanks.
 
Bear Bibeault
Author and ninkuma
Marshal
Use the <c:if> and <c:choose> set of JSTL tags to make decisions about what to include in the page or not.
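
A page of the kind the question describes, as an added example that is not code from any poster in this thread. It is written in JSP document (XML) syntax and assumes container-managed login, a role named "Admin", a request attribute "item", and hypothetical /admin/item/... URLs. The tags only hide the controls, so those URLs still need a server-side role check.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- view.jspx: constructed example page in JSP document (XML) syntax.
     Assumptions: JSTL 1.2 on the classpath, an EL 2.2+ container (method
     calls in EL), container-managed login, a role named "Admin", and a
     request attribute "item" with "id" and "name" properties. -->
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
          xmlns:c="http://java.sun.com/jsp/jstl/core"
          xmlns:fn="http://java.sun.com/jsp/jstl/functions"
          version="2.0">
  <jsp:directive.page contentType="text/html; charset=UTF-8"/>
  <html>
    <body>
      <!-- c:out HTML-escapes the value, so a stored name cannot inject markup -->
      <h1><c:out value="${item.name}"/></h1>

      <!-- Evaluate the role once; false for anonymous users and non-admins -->
      <c:set var="isAdmin" value="${pageContext.request.isUserInRole('Admin')}"/>

      <c:choose>
        <c:when test="${isAdmin}">
          <!-- Hypothetical admin-only URLs. Hiding these controls is a UI
               decision only: the URLs must also be protected on the server. -->
          <a href="${pageContext.request.contextPath}/admin/item/edit?id=${fn:escapeXml(item.id)}">Edit</a>
          <form action="${pageContext.request.contextPath}/admin/item/delete" method="post">
            <input type="hidden" name="id" value="${fn:escapeXml(item.id)}"/>
            <input type="submit" value="Delete"/>
          </form>
        </c:when>
        <c:otherwise>
          <p>Read-only view.</p>
        </c:otherwise>
      </c:choose>
    </body>
  </html>
</jsp:root>
```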
 
paul alvin
Greenhorn
Can you refer me to a link for an example?
 
Ulf Dittmer
Rancher
Check out the Apache Shiro library. It provides (amongst much other security functionality) JSP tags for authenticated and unauthenticated users, making the process even simpler than using the standard JSTL tags: http://shiro.apache.org/
 
Bear Bibeault
Author and ninkuma
Marshal
Shiro looks really interesting. It's not a package I'd heard of before. Thanks for the tip, Ulf. I'll be checking it out.
 
Nithiyanantham Gowri
Greenhorn
http://shiro.apache.org/
 
shivam singhal
Ranch Hand
For authentication, why are you not using web.xml?
 
paul alvin
Greenhorn
I'm really new to developing web applications using JSP. I really need a basic sample based on user authentication...
 
shivam singhal
Ranch Hand
You may use authentication using web.xml:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Resource Name</web-resource-name>
    <!-- a url-pattern must start with "/" -->
    <url-pattern>/WEB-INF/shivam</url-pattern>
    <http-method>POST</http-method>
  </web-resource-collection>

  <auth-constraint>
    <role-name>ADMIN</role-name>
  </auth-constraint>

  <!-- user-data-constraint belongs inside security-constraint -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
 
paul alvin
Greenhorn
Can you explain to me what this code does? Is it the same as in ASP.NET, which restricts the folder content for the specified user?
 
shivam singhal
Ranch Hand
You have 4 types of authentication mechanism, that is:

BASIC :: this one provides BASIC authentication and encodes the user name and password provided by the user. IT PROVIDES VERY WEAK AUTHENTICATION
DIGEST :: it's an upgraded version of BASIC, still not much use
CLIENT-CERT :: it provides good AUTHENTICATION, but the client must have SOME CERTIFICATES
FORM BASED :: it needs a FORM of login information

1. First of all, in your REALM you have to define the login information of the user, like user name and password.
2. Then in your DD you have to define the user ROLES.
3. And then you can use the above code in your DD. It provides AUTHENTICATION, AUTHORIZATION, CONFIDENTIALITY and INTEGRITY...

1. The realm is the tomcat-users.xml file. You have to edit it to define your users.

<role rolename="Admin" />
<role rolename="Member" />
<user username="Shivam" password="shivam" roles="Admin,Member" />

2.

<login-config>
  <!-- defining the authentication method -->
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/error.html</form-error-page>
  </form-login-config>
</login-config>

<!-- one security-role element per role -->
<security-role>
  <role-name>Admin</role-name>
</security-role>
<security-role>
  <role-name>Member</role-name>
</security-role>


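3.

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Resource Name</web-resource-name>
    <!-- a url-pattern must start with "/" -->
    <url-pattern>/WEB-INF/shivam</url-pattern>
    <!-- only POST is listed, so only POST is covered by this constraint -->
    <http-method>POST</http-method>
  </web-resource-collection>

  <auth-constraint>
    <!-- role names are case-sensitive: spelled as in the security-role and realm entries -->
    <role-name>Admin</role-name>
  </auth-constraint>

  <!-- user-data-constraint belongs inside security-constraint -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>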

In the above code 3, the role name ADMIN can doPost on my servlet in the directory named WEB-INF/shivam, and no one like Member can doPost on the same resource. BUT, including ADMIN, Member can doGet, doHead, doTrace on the resource.


with regards
SHIVAM SINGHAL
 
Ulf Dittmer
Rancher
shivam singhal wrote: DIGEST :: it's an upgraded version of BASIC, still not much use

Since I'm not sure what you mean by "not much use", I want to clarify that DIGEST employs strong cryptography - from that point of view it is much better than, for example, FORM based auth - which provides no encryption unless it's used in conjunction with HTTPS. The unfortunate truth about DIGEST is that there are still browser/server combinations that do not support it, although they're becoming rare these days.
 
shivam singhal
Ranch Hand
OK.

Thanks, Ulf.
 