How to add authentication on my jsp page

 
Greenhorn
Posts: 15
I am building a web application that has an admin user and a non-admin user... Now in my main page I have a design that I also want to be the design for the non-admin users. For example, if I have a view JSP page with an edit and a delete button if you are an admin user, I don't want these buttons to appear if you don't have the admin role... How do I do this? Thanks
 
Sheriff
Posts: 67645
Use the <c:if> and <c:choose> set of JSTL tags to make decisions about what to include in the page or not.
 
paul alvin
Greenhorn
Posts: 15
Can you refer me to a link for an example?
 
Rancher
Posts: 43028
Check out the Apache Shiro library. It provides (amongst much other security functionality) JSP tags for authenticated and unauthenticated users, making the process even simpler than using the standard JSTL tags: http://shiro.apache.org/
 
Bear Bibeault
Sheriff
Posts: 67645
Shiro looks really interesting. It's not a package I'd heard of before. Thanks for the tip, Ulf. I'll be checking it out.
 
Greenhorn
Posts: 1
http://shiro.apache.org/
 
Ranch Hand
Posts: 231
For authentication... why are you not using web.xml?
 
paul alvin
Greenhorn
Posts: 15
I'm really new to web development using JSP. I really need a basic sample based on user authentication...
 
shivam singhal
Ranch Hand
Posts: 231
You may use authentication via web.xml:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Resource Name</web-resource-name>
    <!-- url-pattern must start with "/" -->
    <url-pattern>/WEB-INF/shivam</url-pattern>
    <http-method>POST</http-method>
  </web-resource-collection>

  <auth-constraint>
    <role-name>ADMIN</role-name>
  </auth-constraint>

  <!-- user-data-constraint belongs inside security-constraint -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
 
paul alvin
Greenhorn
Posts: 15
Can you explain to me what this code does? Is it the same as in ASP.NET, which restricts the folder content for the specified user?
 
shivam singhal
Ranch Hand
Posts: 231
You have 4 types of authentication mechanism, that is:

BASIC :: this one provides BASIC authentication and encodes the user name and password provided by the user. IT PROVIDES VERY WEAK AUTHENTICATION
DIGEST :: it's an upgraded version of BASIC, still not much use
CLIENT-CERT :: it provides good AUTHENTICATION, but the client must have SOME CERTIFICATES
FORM BASED :: it needs a FORM for the login information.

1. First of all, in your REALM you have to define the login information of the user, like user name and password.
2. Then in your DD you have to define the user ROLES.
3. And then you can use the above code in your DD. It provides AUTHENTICATION, AUTHORIZATION, CONFIDENTIALITY and INTEGRITY...

1. The realm is the tomcat-users.xml file. You have to edit it to define your users:

<role rolename="Admin" />
<role rolename="Member" />
<user username="Shivam" password="shivam" roles="Admin, Member" />

2.

<login-config>
  <!-- DEFINING THE AUTHENTICATION METHOD -->
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/error.html</form-error-page>
  </form-login-config>
</login-config>

<!-- each security-role element declares exactly one role-name -->
<security-role>
  <role-name>Admin</role-name>
</security-role>
<security-role>
  <role-name>Member</role-name>
</security-role>

3.

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Resource Name</web-resource-name>
    <!-- url-pattern must start with "/" -->
    <url-pattern>/WEB-INF/shivam</url-pattern>
    <http-method>POST</http-method>
  </web-resource-collection>

  <auth-constraint>
    <!-- role names are case-sensitive; this must match the role declared in 1 and 2 -->
    <role-name>Admin</role-name>
  </auth-constraint>

  <!-- user-data-constraint belongs inside security-constraint -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

In the above code 3, the role name ADMIN can doPost on my servlet in the directory named WEB-INF/shivam and no one like Member can doPost on the same resource, BUT including ADMIN, Member can doGet, doHead, doTrace on the resource.


with regards
SHIVAM SINGHAL
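
The post above notes that a constraint listing only POST leaves doGet, doHead and doTrace open to every caller. The descriptor below is an added example, not part of the original post: it puts that POST-only form (commented out) beside a constraint that covers every HTTP method. The /admin/* path and the Servlet 3.1 descriptor version are assumptions; the role names and login pages are the ones used in the thread.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Assumed values: the /admin/* path and a Servlet 3.1 container. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

  <!-- Weak form, left commented out: only POST is constrained, so GET,
       HEAD, PUT, DELETE etc. on the same URLs need no login at all.
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin area</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>Admin</role-name></auth-constraint>
  </security-constraint>
  -->

  <!-- Corrected form: no http-method element, so every method is covered. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin area</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- Case-sensitive; must match the realm and security-role entries. -->
      <role-name>Admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Container redirects plain HTTP to HTTPS for these URLs. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Servlet 3.1+: refuse any method a constraint elsewhere lists selectively. -->
  <deny-uncovered-http-methods/>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/error.html</form-error-page>
    </form-login-config>
  </login-config>

  <security-role><role-name>Admin</role-name></security-role>
  <security-role><role-name>Member</role-name></security-role>
</web-app>
```

Hiding the edit and delete buttons in the JSP with <c:if> only changes what is rendered; the container-level constraint is what stops a non-admin request from reaching the admin URLs. Keep /login.html and /error.html outside the protected pattern so the login form itself can be served.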
 
Ulf Dittmer
Rancher
Posts: 43028

shivam singhal wrote: DIGEST :: it's an upgraded version of BASIC, still not much use

Since I'm not sure what you mean by "not much use", I want to clarify that DIGEST employs strong cryptography - from that point of view it is much better than, for example, FORM based auth - which provides no encryption unless it's used in conjunction with HTTPS. The unfortunate truth about DIGEST is that there are still browser/server combinations that do not support it, although they're becoming rare these days.
 
shivam singhal
Ranch Hand
Posts: 231
oks..

thanks ulf..
 