Sanjiv Kumar

since Jan 16, 2007

Recent posts by Sanjiv Kumar

Dear Ranchers,

I passed the SCWCD exam with 76%. I only read the HFSJ book and did 3 mock exams.

My suggestion to ranchers who want to take the SCWCD is to stay focused on these, as the majority of questions were on:

1. JSTL & JSP Custom tags.
2. Session Management
3. Security & Design Pattern
4. EL
5. Web deployment.

Yes, read HFSJ thoroughly and take the exam when you think you are ready. I read it for 2 weeks. It's a wonderful book and so are the writers.

To boost your score take all the mock exams and get your hands on other certification books as well.

My next goal is to get through SCBCD (3/9).

Thanks to all the ranchers for making this website really useful. I truly appreciate all your help. I couldn't have done it without your help.

Regards
Sanjiv Kumar

Declarative Authentication is via the <login-config> (or using request.getRemoteUser() programmatically).

Based on your login preference you can choose any of the four methods (BASIC, DIGEST, CLIENT-CERT or FORM).
For testing I go with BASIC. You can specify users and roles in the \Tomcat 5.0\conf\tomcat-users.xml file.
<user username="abc" password="xyz" roles="manager"/>
<user username="def" password="def" roles="admin,manager"/>

In your web.xml you can define the

<login-config><auth-method>BASIC</auth-method></login-config>

This will take care of your Authentication.


1. The first step to do Authorization is to define roles. In Tomcat you can define roles in the \Tomcat 5.0\conf\tomcat-users.xml file.

You define these roles in web.xml so that the container can map roles to users.

<security-role>
  <role-name>manager</role-name>
</security-role>
<security-role>
  <role-name>admin</role-name>
</security-role>

2. Now you can define which resources/methods you want to constrain; you do that in the web.xml file using security-constraint (declaratively).

Here I authorize only the admin role to view a particular page:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>xxx</web-resource-name>
    <url-pattern>/hobby.do</url-pattern>
  </web-resource-collection>

  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

Now someone with the admin role is authorized to view the hobby.do page. E.g. user "abc" may log on but can't access hobby.do; only user "def" can. I am not listing any methods, which means all the methods on this page are constrained.

Summary
It's Authentication first (you are who you say you are), then Authorization (you can access what your role determines).

Hope this helps
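
An added example, not part of the original post: a small Python check that reads a web.xml and flags three descriptor mistakes related to the steps above (a constraint that lists only some HTTP methods, a role used in an auth-constraint but not declared in security-role, and BASIC/FORM login without a CONFIDENTIAL transport guarantee). The function names, finding codes and the sample descriptor are constructed for illustration, and the check goes slightly beyond the single page shown in the post by handling any number of constraints.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the post's file): "admin" is used but not declared,
# only GET is listed, and BASIC credentials are not forced onto TLS.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-role><role-name>manager</role-name></security-role>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>hobby</web-resource-name>
      <url-pattern>/hobby.do</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""


def texts(parent, path):
    """Stripped text of every element matching path under parent."""
    return [(e.text or "").strip() for e in parent.findall(path)]


def audit_web_xml(xml_text):
    """Return sorted (url-patterns, finding-code) pairs for a web.xml string."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # drop the J2EE/Java EE namespace
        el.tag = el.tag.rsplit("}", 1)[-1]
    declared = set(texts(root, "security-role/role-name"))
    auth_method = "".join(texts(root, "login-config/auth-method")).upper()
    findings = set()
    for sc in root.findall("security-constraint"):
        where = ",".join(texts(sc, "web-resource-collection/url-pattern"))
        roles = texts(sc, "auth-constraint/role-name")
        # Listing methods constrains only those; every other method is open.
        if texts(sc, "web-resource-collection/http-method"):
            findings.add((where, "PARTIAL_METHODS"))
        # Roles used in a constraint should be declared in <security-role>.
        if any(r != "*" and r not in declared for r in roles):
            findings.add((where, "UNDECLARED_ROLE"))
        # BASIC and FORM send the password unencrypted unless TLS is forced.
        guarantee = texts(sc, "user-data-constraint/transport-guarantee")
        if roles and auth_method in ("BASIC", "FORM") and "CONFIDENTIAL" not in guarantee:
            findings.add((where, "CLEARTEXT_CREDENTIALS"))
    return sorted(findings)


if __name__ == "__main__":
    for where, code in audit_web_xml(SAMPLE_WEB_XML):
        print(f"{where}: {code}")
```

A descriptor shaped like the one in the post (roles declared, no methods listed, CONFIDENTIAL set) produces no findings.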