Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

single page rentry point in web application using servlet  RSS feed

 
Prabhat Ranjan
Ranch Hand
Posts: 397
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
I am trying to understand , lets see i have a web page with login.jsp and once i do successfuly login

login.jsp page then go to next page. like student.jsp or student.do

so i wnat if someone accidently entered directly student.do without login then student.do page should re-direct to login.jsp if login was not previously done.

how can i achive this in web.xml , what are the change i need to do.

Regards,
Prabhat
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65825
134
IntelliJ IDE Java jQuery Mac Mac OS X
 
Ishan Pandya
Ranch Hand
Posts: 228
Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can also use <security-constraints> in your web.xml
 
Alex Theedom
Author
Ranch Hand
Posts: 77
5
Java Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
One option is to use form based authentication as in the following:

Define in the web.xml a login.html page and an error page that is displayed if the username and password is incorrect.



Defining roles

This can be done in the <role> element in tomcat-users.xml.



Define the security roles in the web.xml using the <security-role> element.



All roles must be declared in order to be used in the web.xml and the component code. Each <security-role> tag can contain only one <role-name>.

Defining resource and method constraints



Roles declaration in annotations

Or you could do the same via annotations.

These annotations have the same purpose as those defined in the deployment descriptor but apply to just the servlet on which they are declared. Roles can be declared on any servlet implementing the javax.servlet.Servlet interface.



This annotation is specified on a class, and it is typically used to define roles that could be tested (for example, by calling isUserInRole) from within the methods of the annotated class. This annotation is not used to link application roles to other roles. When such linking is necessary, it is accomplished by defining an appropriate security-role-ref in the associated deployment descriptor. When a call is made to isUserInRole from the annotated class, the caller identity associated with the invocation of the class is tested for membership in the role with the same name as the argument to isUserInRole. If a security-role-ref has been defined for the argument role-name, the caller is tested for membership in the role mapped to the role-name.

Now when someone visits UserServlet/student.jsp or any of it subdirectories they will be directed to the login.html page if they are not currently logged in.

 
Prabhat Ranjan
Ranch Hand
Posts: 397
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks , this is have done before using tomcat-users.xml and providing the roles in web.xml using security constraint , but it prompts every time we hit the login page.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!