Win a copy of OCP Java SE 8 Programmer II Exam Study Guide this week in the OCP forum!

Oscar Arnaiz

Greenhorn
+ Follow
since Aug 26, 2002
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Oscar Arnaiz

First of all, I apologize for post the same question in two different forums, but I new in JavaRanch and I don�t know how it works. Sorry.
I am using Tomcat 3.2.4. The method that I use to go from a page to another is by means of a Controller servlet and a hidden type input named "page" that represents the next page to go. That parameter is received for the Controller servlet and it converts to the real URL with: nextPage = getInitParam(request.getParameter("page"));
For example, a web.xml for a simple application where the adminPage.jsp is protected:
<web-app>
<servlet>
<servlet-name>Controller</servlet-name>
<display-name>Controller</display-name>
<servlet-class>Controller</servlet-class>
<init-param>
<param-name>Index</param-name>
<param-value>index.htm</param-value>
</init-param>
<init-param>
<param-name>AdminPage</param-name>
<param-value>/admin/adminPage.htm</param-value>
</init-param>
<init-param>
<param-name>UnprotectedPage</param-name>
<param-value>unprotectedPage.htm</param-value>
</init-param>

</servlet>
<security-constraint>
<web-resource-collection>
<web-resource-name>tools-admin</web-resource-name>
<url-pattern>/admin/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
<http-method>DELETE</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<realm-name>ProtectedArea</realm-name>
<form-login-config>
<form-login-page>/security/login.jsp</form-login-page>
<form-error-page>/security/loginerror.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>

</web-app>
From Index page to access to admin page the paramater "page" is equal to "AdminPage". The Controller servlet jumps the login page ang go to admin page without athentication. Must I put the servlet in protected area? I am using JDBC Realm wiht three tables for authentication (Login, Roles, Role-Login).
15 years ago
Hello, I am developing a web application using the MVC pattern and I try to use to athenticate with JDBC Realms. My problem is that using this athentication method with a Controller servlet that forwards requests to a proper jsp page don�t works.
I don�t know to do. If someone know how I have to do to athenticate using a Controller servlet (I�m not using Struts).
I will explain with more detail:
I have a Controller servlet that receive all requests to others pages. This servlet must authenticate the user and if the user is athenticated forward to the proper protected page, else forward to a login page. I am using JDBC Realms to protect the folders that contains the pages must be accesed under authentication. the problem is that the servlet use the method forward(request, response) that jumps the security-contraint and it accessed to the protected pages. I don�t know hot to use the JDBC Realms with the Controller Servlet.
15 years ago
Hello, I am developing a web application using the MVC pattern and I try to use to athenticate with JDBC Realms. My problem is that using this athentication method with a Controller servlet that forwards requests to a proper jsp page don�t works.
I don�t know to do. If someone know how I have to do to athenticate using a Controller servlet (I�m not using Struts).
I will explain with more detail:
I have a Controller servlet that receive all requests to others pages. This servlet must authenticate the user and if the user is athenticated forward to the proper protected page, else forward to a login page. I am using JDBC Realms to protect the folders that contains the pages must be accesed under authentication. the problem is that the servlet use the method forward(request, response) that jumps the security-contraint and it accessed to the protected pages. I don�t know hot to use the JDBC Realms with the Controller Servlet.
15 years ago