This week's book giveaway is in the Other Languages forum.
We're giving away four copies of Rust Web Development and have Bastian Gruber on-line!
See this thread for details.
Win a copy of Rust Web Development this week in the Other Languages forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Junilu Lacar
  • Rob Spoor
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Jesse Silverman
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Piet Souris
  • Frits Walraven

Problem implementing Security-Constraint in tomcat 5.0.28

 
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am trying to constrain access to a file jstlChoose.do, which is a jsp and I have mapped it to jstlChoose.do in web.xml.
As per what I have read, <security-constraint> element in web.xml does this job. I did the following in my web.xml

-----------------------------------------------------------------
<security-constraint>
<web-resource-collection>
<web-resource-name>JSTL Choose</web-resource-name>
<url-patterns>/jstlChoose.do</url-patterns>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
</login-config>

<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>manager</role-name>
</security-role>
<security-role>
<role-name>guest</role-name>
</security-role>
--------------------------------------------------------------

I have added admin and manager roles in tomcat-users.xml. Now, if I understand correctly only admin and manager are allowed to call GET method on this jstlChoose.do. but when I try to access this file using

http://localhost:8080/TestJSP/jstlChoose.do

instead of getting the authentication screen, I am able to see the result.
Am I doing something wrong? Do I have to set some variable to a user role first and then try accessing this file? I am really confused...
Any help is welcome,

Regards,

Sushma
 
WHAT is your favorite color? Blue, no yellow, ahhhhhhh! Tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic