• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Devaka Cooray
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Knute Snortum
  • Junilu Lacar
  • paul wheaton
Saloon Keepers:
  • Ganesh Patekar
  • Frits Walraven
  • Tim Moores
  • Ron McLeod
  • Carey Brown
Bartenders:
  • Stephan van Hulst
  • salvin francis
  • Tim Holloway

single page rentry point in web application using servlet  RSS feed

 
Ranch Hand
Posts: 397
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
I am trying to understand , lets see i have a web page with login.jsp and once i do successfuly login

login.jsp page then go to next page. like student.jsp or student.do

so i wnat if someone accidently entered directly student.do without login then student.do page should re-direct to login.jsp if login was not previously done.

how can i achive this in web.xml , what are the change i need to do.

Regards,
Prabhat
 
Marshal
Posts: 67163
169
IntelliJ IDE Java jQuery Mac Mac OS X
 
Ranch Hand
Posts: 228
Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can also use <security-constraints> in your web.xml
 
Author
Posts: 114
11
Java Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
One option is to use form based authentication as in the following:

Define in the web.xml a login.html page and an error page that is displayed if the username and password is incorrect.



Defining roles

This can be done in the <role> element in tomcat-users.xml.



Define the security roles in the web.xml using the <security-role> element.



All roles must be declared in order to be used in the web.xml and the component code. Each <security-role> tag can contain only one <role-name>.

Defining resource and method constraints



Roles declaration in annotations

Or you could do the same via annotations.

These annotations have the same purpose as those defined in the deployment descriptor but apply to just the servlet on which they are declared. Roles can be declared on any servlet implementing the javax.servlet.Servlet interface.



This annotation is specified on a class, and it is typically used to define roles that could be tested (for example, by calling isUserInRole) from within the methods of the annotated class. This annotation is not used to link application roles to other roles. When such linking is necessary, it is accomplished by defining an appropriate security-role-ref in the associated deployment descriptor. When a call is made to isUserInRole from the annotated class, the caller identity associated with the invocation of the class is tested for membership in the role with the same name as the argument to isUserInRole. If a security-role-ref has been defined for the argument role-name, the caller is tested for membership in the role mapped to the role-name.

Now when someone visits UserServlet/student.jsp or any of it subdirectories they will be directed to the login.html page if they are not currently logged in.

 
Prabhat Ranjan
Ranch Hand
Posts: 397
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks , this is have done before using tomcat-users.xml and providing the roles in web.xml using security constraint , but it prompts every time we hit the login page.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!