
Need help to understand and implement basic web app security

 
Ali Gordon
I am learning basic web app security from "Head First JSP and Servlets". There is no code for the security app except web.xml and tomcat-users.xml settings. I followed the book and tried to make my own code, but I am not able to control access to my web app.

Anyone can access it despite setting the roles in tomcat-users.xml and editing web.xml. Please help me to understand this and complete my example. I am using Eclipse Kepler and Tomcat 6.0.

Eclipse project:



Expectation: Run start.html and click the submit button to access SecureServlet. Container should ask you for a login to access that servlet. If the login matches the one in web.xml settings, then you are shown the secret.jsp page.

Output: There is no security. You can see secret.jsp without entering any login.

Tomcat-users.xml:


web.xml: Put the code in both Tomcat's web.xml and my web app's web.xml to be safe.



Html start page:



Servlet:



Secret.jsp:


 
Ali Gordon
Okay, I feel so stupid for not noticing this mistake -



It should be capital S, i.e. SecretServlet.
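
The case mismatch described in the follow-up post, as an added example that is not part of the original thread: a small Python check that lists servlet mappings not covered by any `security-constraint` carrying an `auth-constraint`, and shows constraint patterns that differ from the mapping only by case. It assumes the typo sat in the constraint's `url-pattern` (the posted code is not preserved); the sample descriptor, the `/secretServlet` spelling and the `admin` role are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the poster's file): the servlet is mapped at
# /SecretServlet but the constraint names /secretServlet (assumed typo).
SAMPLE_WEB_XML = """<web-app>
  <servlet-mapping>
    <servlet-name>SecretServlet</servlet-name>
    <url-pattern>/SecretServlet</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/secretServlet</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def _local(el):
    return el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
def _url_patterns(el):
    return [u.text.strip() for u in el.iter() if _local(u) == "url-pattern" and u.text]

def covers(pattern, path, fold=False):
    """Servlet-style match: exact, /prefix/*, or *.ext; case-sensitive unless fold."""
    if fold:
        pattern, path = pattern.lower(), path.lower()
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path

def audit(web_xml):
    """Return (mapped_path, case_only_near_misses) for each unprotected mapping."""
    root = ET.fromstring(web_xml)
    protected, mapped = [], []
    for el in root.iter():
        if _local(el) == "servlet-mapping":
            mapped += _url_patterns(el)
        elif _local(el) == "security-constraint" and any(
                _local(c) == "auth-constraint" for c in el):
            protected += _url_patterns(el)
    # Wildcard mappings and <http-method> scoping are not evaluated here.
    return [(m, [p for p in protected if covers(p, m, fold=True)])
            for m in mapped
            if "*" not in m and not any(covers(p, m) for p in protected)]

if __name__ == "__main__":
    for path, near in audit(SAMPLE_WEB_XML):
        print(f"UNPROTECTED {path}; constraint differing only by case: {near}")
```

A non-empty near-miss list is the signature of this thread's bug: the container matches URL patterns case-sensitively, so the constraint exists but never applies to the mapped servlet.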
 