Win a copy of Beginning Java 17 Fundamentals: Object-Oriented Programming in Java 17 this week in the Java in General forum!

Sanjiv Kumar

+ Follow
since Jan 16, 2007
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Sanjiv Kumar

Dear Ranchers,

I pass the SCWCD exam with 76%. I only read the HFSJ book and did 3 mock exams.

My suggestions to ranchers who wants to take the SCWCD to stay focus on these as majority of questions were on

1. JSTL & JSP Custom tags.
2. Session Management
3. Security & Desin Pattern
4. EL
5. Web deployment.

Yes, read HFSJ throughlyand take it exam when you think you are ready. I read it for 2 weeks. It's a wonderful book and so is the writers.

To boost your score take all the mock exams and get your hands on other certification books as well.

My next goal to get through SCBCD (3/9)

Thanks to all the ranchers to make this website really useful. I truly appreciate all your help. I couldn't have done it without your help.

Sanjiv Kumar
Declarative Authentication is via the <login-config> (or using request.getRemoteUser() programmatically )

Based on your login preference you can choose any four methods (BASIC,DIGEST,CLIENT-CERT or FORM)
�For testing I go with BASIC. you can specify users and roles in the \Tomcat 5.0\conf\tomcat-users.xml file.
�<user username="abc" password="xyz" roles="manager "/>
�<user username="def" password="def" roles="admin,manager "/>

In your web.xml you can define the

<login-config> <auth-method> BASIC</auth-method></<login-config>

This will take care of your Authentication.

1.The first step to do Authorization is define roles. In tomcat you can define roles in \Tomcat 5.0\conf\tomcat-users.xml file

You define these roles in web.xml so that container can map roles to user


2.Now you can define which resources/methods you want to constraint that you do in web.xml file using security-constraint(declaratively )

Here I authorize only admin role to view a particular page

<role-name>admin </role-name>

now some with admin role is authorize to view the page. Ex user �abc� may logon but can�t access only user �def� can. I am not listing any methods that means all the methods on this page are constrained

It�s Authentication first (you are who you say you are) then Authorization (you can access what your role determines)

Hope this helps