JDev 10g - Security - web.xml - URL pattern matching
Hello,
I use JDeveloper 10.1.3.4. It's 4 hours I try to figure out what is going on:
I set security constraint in web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>books</web-resource-name>
<url-pattern>faces/app/books/*</url-pattern>
<url-pattern>faces/*/app/books/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>books</role-name>
</auth-constraint>
</security-constraint>
User is logged in with role "books" for sure.
http://192.168.0.109:8988/lib/faces/app/books/page.jspx can be seen
but dialogs can't be seen, url is : http://192.168.0.109:8988/lib/faces/__ADFv__?_afPfm=1.5&_t=fred&_vir=/app/books/Search.jspx&loc=en&_rtrnId=2it redirects to login page.
Another thing, when I set only one url pattern : faces/app/books/*.jspx
I can't even see faces/app/books/page.jspx page!
It's very curious, have to be something else somewhere to set, because in SRDemo app this 2 cases don't cause problems.
Bart
snowface.net - snowboard equipement reviews
Hi,
dialogs are not opened by a GET request, which is what container managed authorization looks at. It basically bypasses this kind of security, which means that developers should check manually on teh command component that launches teh dialog if the authenticated user is allowed to do this. Also note that the default JSfnavigation is by postback which means you have to set all navigation to use the redirect flag to make it work with container managed security
Frank
Similar Messages
-
Jdev 10g: missing TemplateApplication.xml
Hi,
Just tried jdev 10g - when starting up have two messages:
1) Missing application.xml template file <jdev_home>\mywork\config\TemplateApplication.xml
2)Missing LRAD MMD folder <jdev_home>\mywork\config\jrad
What is it - a welcome type message or something I should take care about?
Thanks everybody.
AnatoliyHi,
dialogs are not opened by a GET request, which is what container managed authorization looks at. It basically bypasses this kind of security, which means that developers should check manually on teh command component that launches teh dialog if the authenticated user is allowed to do this. Also note that the default JSfnavigation is by postback which means you have to set all navigation to use the redirect flag to make it work with container managed security
Frank -
Using Dynamic JDBC Credentials with jazn security (web.xml) in BC
I have followed the document “How To Support Dynamic JDBC Credentials” http://www.oracle.com/technology/products/jdev/howtos/10g/dynamicjdbchowto.html to connect to the database using Business Components, as the user who logs in the application. (Proxy)
The only matter is that as I could see, I cannot use the application server integrated security (with roles) to protect the web resources.
The main objective is to protect the web resources using Declarative J2EE authentication and authorization using the Data Base users (and roles). I have implemented the solution for the first part (authentication) using DBLoginModule (DBSystemLoginModule) from Frank Nimphius and Duncan Mills, it’s working OK, but I need the second part; how to use the user that is logged in as the PROXY user of the BC connection.
Using the DBLoginModule, and the “How To Support Dynamic JDBC Credentials” separates works fine, but I can’t make them work together.Frank, Thanks a lot for your quick answer.
"Maybe you should look at using database proxy users with ADF BC so you can use the J2EE authenticated user principal as the database schema to connect through. I am working on documenting this approach, which however needs some more time of writing and testing."
Yes, that's exactly what I need!!!
Can you give me some tips about how to do that.. Do you have any idea of when you will finish that document?.
By the way, I'm using FORM authentication, but I don't know how to modify what’s in the “How To Support Dynamic JDBC Credentials” document, to use the J2EE authenticated user principal as the database schema to connect through.
One of the problems is that when using this approach, I cannot get the J2EE security to redirect to the login page...
Any help would be really appreciated -
Are you using JDev 10g for Web Services, service oriented development?
An author from a magazine is interested in talking to JDeveloper 10g Preview users about Web Services, Service Oriented architecture and related developer-oriented issues.
If you are currently using JDeveloper 10g and are willing to be interviewed for this article then I'd appreciate it if you could drop me a note at [email protected]
Thanks,
ArunYou must use Network Shared Variables, or raw TCP at this point. However, you should keep your eye out for LV 2013, as significant enhancements have been made to the exact use case you have referred to.
-
Hi all,
1)I have webapplication , I want to use form authentication to security it , under my root test , I have login.html, and secure folder ( group of pages),
I have two tables in my sql server , they are users, and user_role, mean time I give every user role member.
2) in my conf/server
I have <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"
connectionURL="jdbc:microsoft:sqlserver://localhost:1433"
connectionName="test" connectionPassword="1234"
userTable="users" userNameCol="Name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />in my root test, I have web xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<welcome-file-list>
<welcome-file>Home.html</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>SecurePages</web-resource-name>
<description>Security constraint for resources in the secure directory</description>
<url-pattern>/secure/*</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>member</role-name>
</auth-constraint>
<user-data-constraint>
<description>SSL not required</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Home.html</form-login-page>
<form-error-page>/ErrorLogin.jsp</form-error-page>
</form-login-config>
</login-config>
</web-app> if I take away the security <auth-constraint>
<role-name>member</role-name>
</auth-constraint> in my web xml the whole application work fine after login, jump from page to page, action to action. but if I add it , I only can go to one page , every time I click the link it jump back to login page .
What mistake I make??
Best regard.Hi,
I'm assuming you invoking the JWS from JPD via a service control.
In this case, the serviceControl has setUsername and setPassword method which will allow you to specify the username and password
cheers
Raj -
Problems With url-pattern in a filter-mapping
Hi!
I need to make a filter when the clients call a jsf pages in /pages in my web application, but when i make the filter-mapping like this:
<filter-mapping>
<filter-name>sessionFilter</filter-name>
<url-pattern>/pages/*.jsf</url-pattern>
</filter-mapping>An exception appears:
SEVERE: Parse error in application web.xml
java.lang.IllegalArgumentException: Invalid <url-pattern> /pages/*.jsf in filter mapping
at org.apache.commons.digester.Digester.createSAXException(Digester.java:2540)
at org.apache.commons.digester.Digester.createSAXException(Digester.java:2566)
at org.apache.commons.digester.Digester.endElement(Digester.java:1061)
at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at org.apache.commons.digester.Digester.parse(Digester.java:1548)
at org.apache.catalina.startup.ContextConfig.applicationConfig(ContextConfig.java:263)
at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:624)
at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:216)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4290)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:789)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478)
at org.apache.catalina.core.StandardService.start(StandardService.java:480)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)the <url-pattern>/pages/*</url-pattern> not work to me because process all pages, I nedd only *.jsf
Please Help me whit this."the <url-pattern>/pages/*</url-pattern> not work to me because process all pages, I nedd only *.jsf"
Yes but in the filter you can get the url from the request.getUrl() and then only process requests that contain .jsf. Simply just pass all other requests along.
Some information on url pattern matching:
http://edocs.bea.com/wls/docs61/webapp/components.html#113049 -
Hi,
below is the code for filter url mapping.
"<url-pattern>/gbsUploadSummary.jsp</url-pattern>" .I have a problem with this line...its nt executing....can i know the mistake...
<filter>
<filter-name>DumpFilter</filter-name> <filter-class>com.pwc.webectm.util.DumpFilter</filter-class>
<init-param>
<param-name>dumpRequest</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>dumpResponse</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>DumpFilter</filter-name>
<url-pattern>/gbsUploadSummary.jsp</url-pattern>
</filter-mapping>What exact URL do you supply? (You can omit the host for privacy if you like, but you have likely already supplied it in your original post). I am confused about what you are asking. Are you saying that you can see the output of your JSP but not any code in your filter? My guess is the dump filter is relatively trivial (e.g., outputing the request and response received). Can you post the code? Is there a possibility you are not reading your init params correctly?
It is one of the following:
1. The filter mapping in web.xml does not match that which you are sending in your request in the browser address bar (most likely, but hard to tell)
2. You are not reading your init params correctly so that 'true' is not being evaluated and you are in essense skipping over your own code blocks (hard to tell without the filter code itself, but you could easily verify by putting a logging statement in the first line of doFilter()).
3. You have an error in your code that is causing the filter not to initialize (there should be an exception in the logs in this case)
4. Related to #2, there is a simple coding error in the filter itself preventing you from seeing output
- Saish -
Hello,
i would like to make a web.xml config that forwards all requests to 1 controller except for the css witch should be accessed directly .. is this possible ?
Also if possible a user should not be able to directly access .jsp files.
Right now i have:
<web-app>
<servlet>
<servlet-name>Controller</servlet-name>
<display-name>Controller</display-name>
<servlet-class>be.psb.stockdb.web.Controller</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Controller</servlet-name>
<url-pattern>/servlet/be.psb.stockdb.web.Controller</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Controller</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
But like this it is not possible to access the css. I hope there is a better solution than to to write a servlet that just writes the css to the client ..
Any help would be appreciated,
tnxhi,
thanks for your comment.
I should have mentionend that i already made the whole application (with just jsp/servlet technology), so switching to struts now is no option.
I'm just having problems with the css because the clients dont seem to have permission to acces the css-file.
So at the moment im using :
<style><jsp:include page="themes/stockdatabase.css"/></style>
it would be nicer to give acces to the css file in the web.xml file and use:
<link href="/themes/stockdatabase.css" rel="stylesheet" type="text/css" />
but i cant figure out how to do that.
2nd problem i have is that the users shound be able to access the .jsp's directly (they can atm). I just use a template.jsp which is accessed by the controller:
// forward everything to /template.jsp
RequestDispatcher rd = request.getRequestDispatcher("/template.jsp");
rd.forward(request, response);
Then the template.jsp includes other jsp's specified by the controller:
<% String view = ((String)request.getAttribute("view"));
if ( view != null ){
%> <jsp:include page="<%= view %>" /> <%
So basicly i need a web.xml file that:
gives access for css files to everyone.
give access to the template.jsp file to everyone
direct all other requests to the controller.
Hope this was a bit clearer :) -
Using security-constraint in web.xml; not recognizing url-pattern tag
I am creating a very simple jsp application within JDeveloper 10.1.3.1. I have 2 jsp files...a readData.jsp and a maintainData.jsp. I would like to deploy this application to Oracle Application Server 10.1.2.2. I would like to use Oracle Internet Directory with Single Sign on enabled. The deployment to OAS works fine. For the security, I would like an administrator user to get to both pages...and a user to only be able to see the readData.jsp. I used the security constraints on the properties of the web.xml file within JDeveloper. Here is my web.xml file:
<?xml version = '1.0' encoding = 'windows-1252'?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<description>Empty web.xml file for Web Application</description>
<session-config>
<session-timeout>35</session-timeout>
</session-config>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>adm_full_access</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>adm_all</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>usr_access</web-resource-name>
<url-pattern>readData.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>usr_all</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>usr_all</role-name>
</security-role>
<security-role>
<role-name>adm_all</role-name>
</security-role>
</web-app>
When I deploy to OAS I added an OID account to the adm_all role...this works fine I can log on as that user and get to both jsps. But, when I add my user to the usr_all role within OAS I try to log on to the app...I then enter my SSO username and password and I get Access Denied errors from my browser when trying to access either page. I am confused about the <url-pattern> tag...is that relative to a directory within my deployment? Most of the examples I have seen use servlets...so I was wondering if I can even use the <url-pattern> tag to restrict/allow access to individual jsps? If someone could point me to some documentation on this set-up I would appreciate it!
Thank you.I was able to get this to work. By doing the following:
<security-constraint>
<web-resource-collection>
<web-resource-name>adm_full_access</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>adm_all</role-name>
</auth-constraint>
</security-constraint>
I was restricting access to all other groups by uisng <url-pattern>*</url-pattern>. Any other security-constraints set-up after that will not work. So saying * requires usr_all will restrict ALL webpages to ONLY adm_all, regardless of what future constraints say. So, my first security-constraints lists all directories or pages that every user can access. My next security-constraint then list resources that only my admins (adm_all) can acess. Any other security constraints then are set-up for each user role that I have...if adm_all should have access to these then the <role-name>adm_all</role-name> is added to each security constraint. -
How to add another secure url in web.xml?
hello i want to secure my web application i have two kind of users i have users and admin.each of them has each certificat users have permission to enter /users and admin have permission to enter /admins/ but i want also users to enter another folder which is /otheruserplace how can i add this in my web.xml file here is my code
http://pastebin.com/m3e13d3d9Just add another url-pattern.
This has nothing to do with JSF however. More suitable place would have been the Servlets forum. -
Regular expression in url-pattern in web.xml
hi,
could any tell me the is web.xml accepts regexp(except wild card) in it's url-pattern attribute. I want to put regular expression (except wildcard, i know it supports) as [a-zA-Z]+ like in url-pattern in servlet-mapping. I tried this :
<servlet-mapping>
<servlet-name>AppDnldMain</servlet-name>
<url-pattern>/[a-zA-Z]+/?</url-pattern>
</servlet-mapping>
But it dint work.. I dont know whether i processed in right way. Any suggestion are most welcome..No it does not accept wild card.
Servlet specification section SRV.11.2
In theWeb application deployment descriptor, the following syntax is used to define
mappings:
A string beginning with a / character and ending with a /* suffix is used
for path mapping.
A string beginning with a *. prefix is used as an extension mapping.
A string containing only the / character indicates the "default" servlet of
the application. In this case the servlet path is the request URI minus the context
path and the path info is null.
All other strings are used for exact matches only.
If you want regex matching, you can match all urls to a single servlet, and then use request.getRequestURI and do regex on that in your code.
Cheers,
evnafets -
Bug when specifying url-pattern in web.xml
Hi
I have been using Weblogic 6.0 Beta and managed to specify the following
security constraint
<security-constraint>
<web-resource-collection>
<web-resource-name>SecurePages</web-resource-name>
<description>no description</description>
<url-pattern>/control/signin</url-pattern>
<url-pattern>/control/refreshUser</url-pattern>
<url-pattern>/control/updateUser</url-pattern>
<url-pattern>/control/deleteaddress</url-pattern>
<url-pattern>/control/updateaddress</url-pattern>
<url-pattern>/control/refreshcontacts</url-pattern>
<url-pattern>/control/updatecard</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
</security-constraint>
This works fine as you would expect. I have upgraded to Weblogic 6.0 Service
Pack 1 Rolling Patch 1 and the same web.xml file no longer works. When you
try and start the server Weblogic hangs just after loading the Oracle driver
that I use.
The odd behaviour is that if I change the order of the url-pattern elements
so that the updatecard URL is above the refreshUser URL the server starts!
(shown below)
<url-pattern>/control/signin</url-pattern>
<url-pattern>/control/updatecard</url-pattern>
<url-pattern>/control/refreshUser</url-pattern>
<url-pattern>/control/updateUser</url-pattern>
<url-pattern>/control/deleteaddress</url-pattern>
<url-pattern>/control/updateaddress</url-pattern>
<url-pattern>/control/refreshcontacts</url-pattern>
A deadlock condition appears to occur, a section of the thread dump looks
like:
"Reference Handler" daemon prio=10 tid=0x8990b20 nid=0x7dc waiting on
monitor [0
x8c0f000..0x8c0fdc4]
at java.lang.Object.wait(Native Method)
at java.lang.Object.wait(Object.java:420)
at java.lang.ref.Reference$ReferenceHandler.run(Reference.java:110)
"main" prio=5 tid=0x234ce0 nid=0x6cc runnable [0x6e000..0x6fc3c]
at weblogic.servlet.utils.URLMatchMap.put(URLMatchMap.java:156)
at
weblogic.servlet.security.internal.WebAppSecurity.setConstraints(WebA
ppSecurity.java:77)
Looking at the weblogic.jar file the URLMatchMap class is a new addition
over the original Weblogic 6.0. It seems that the put method of the
URLMatchMap may be going into an infinite loop, dependant on the URLs that
are being entered. The fact that changing the order of the URLs overcomes
the bug seems to suggest there may be some coding error in this new class.
A fix would be great if anyone has one.
Chris Mein
Just wondering if anyone ever came up with the solution to the bug with WL 6.0
sp1, mentioned by Chris, below. Any information on this would be greatly appreciated.
Tony
"Chris Mein" <[email protected]> wrote:
>Hi
>
>I have been using Weblogic 6.0 Beta and managed to specify the following
>security constraint
>
><security-constraint>
> <web-resource-collection>
> <web-resource-name>SecurePages</web-resource-name>
> <description>no description</description>
> <url-pattern>/control/signin</url-pattern>
> <url-pattern>/control/refreshUser</url-pattern>
> <url-pattern>/control/updateUser</url-pattern>
> <url-pattern>/control/deleteaddress</url-pattern>
> <url-pattern>/control/updateaddress</url-pattern>
> <url-pattern>/control/refreshcontacts</url-pattern>
> <url-pattern>/control/updatecard</url-pattern>
> <http-method>POST</http-method>
> <http-method>GET</http-method>
> </web-resource-collection>
> </security-constraint>
>
>This works fine as you would expect. I have upgraded to Weblogic 6.0
>Service
>Pack 1 Rolling Patch 1 and the same web.xml file no longer works. When
>you
>try and start the server Weblogic hangs just after loading the Oracle
>driver
>that I use.
>
>The odd behaviour is that if I change the order of the url-pattern elements
>so that the updatecard URL is above the refreshUser URL the server starts!
>(shown below)
>
><url-pattern>/control/signin</url-pattern>
><url-pattern>/control/updatecard</url-pattern>
><url-pattern>/control/refreshUser</url-pattern>
><url-pattern>/control/updateUser</url-pattern>
><url-pattern>/control/deleteaddress</url-pattern>
><url-pattern>/control/updateaddress</url-pattern>
><url-pattern>/control/refreshcontacts</url-pattern>
>
>A deadlock condition appears to occur, a section of the thread dump looks
>like:
>
>"Reference Handler" daemon prio=10 tid=0x8990b20 nid=0x7dc waiting on
>monitor [0
>x8c0f000..0x8c0fdc4]
> at java.lang.Object.wait(Native Method)
> at java.lang.Object.wait(Object.java:420)
> at java.lang.ref.Reference$ReferenceHandler.run(Reference.java:110)
>
>"main" prio=5 tid=0x234ce0 nid=0x6cc runnable [0x6e000..0x6fc3c]
> at weblogic.servlet.utils.URLMatchMap.put(URLMatchMap.java:156)
> at
>weblogic.servlet.security.internal.WebAppSecurity.setConstraints(WebA
>ppSecurity.java:77)
>
>Looking at the weblogic.jar file the URLMatchMap class is a new addition
>over the original Weblogic 6.0. It seems that the put method of the
>URLMatchMap may be going into an infinite loop, dependant on the URLs
>that
>are being entered. The fact that changing the order of the URLs overcomes
>the bug seems to suggest there may be some coding error in this new class.
>
>A fix would be great if anyone has one.
>
>Chris Mein
>
>
-
URLs not matching the mappings I set in web.xml
Below is what I observe, I would have expected the URL to match all 3 but it only matches for the first one , any ideas?
Web.xml contains
<filter>
<filter-name>MyFilter</filter-name>
<filter-class>HWfilter</filter-class>
</filter>
<filter-mapping>
<filter-name>MyFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
http://localhost/Chapter7/test.txt - URL matches filter
Web.xml contains
<filter>
<filter-name>MyFilter</filter-name>
<filter-class>HWfilter</filter-class>
</filter>
<filter-mapping>
<filter-name>MyFilter</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
http://localhost/Chapter7/test.txt - URL DOES NOT match filter
Web.xml contains
<filter>
<filter-name>MyFilter</filter-name>
<filter-class>HWfilter</filter-class>
</filter>
<filter-mapping>
<filter-name>MyFilter</filter-name>
<url-pattern>/*.txt</url-pattern>
</filter-mapping>
http://localhost/Chapter7/test.txt - URL DOES NOT match filter
----------------------------------------------------------------I found this in the Servlet API specification:
� A string beginning with a �/� character and ending with a �/*� postfix is used
for path mapping.
� A string beginning with a �*.� prefix is used as an extension mapping.
� A string containing only the �/� character indicates the "default" servlet of the
application. In this case the servlet path is the request URI minus the context
path and the path info is null.
� All other strings are used for exact matches only.
According to this, your third one should work if you remove the / and just have *.txt. -
How to use a wild card for url pattern in web.xml?
I want to use web container managed security to protect all my JSP pages. I tried
to use the <security-constraint> tag in web.xml and set <url-pattern> to /*.
However, none of my pages is protected. Specifying each page individually works,
but I really don't want to do that. Any ideas?
Eric:
Which version of WebLogic Server are you using (including any service pack or rolling
patches)?
Eric Ma wrote:
> I want to use web container managed security to protect all my JSP pages. I tried
> to use the <security-constraint> tag in web.xml and set <url-pattern> to /*.
> However, none of my pages is protected. Specifying each page individually works,
> but I really don't want to do that. Any ideas?
Jim Brown
Developer Relations Engineer
BEA Support
-
I have some more problem in the web.xml file and url-pattern in my syste
HI ALL!
How can I create and place the web.xml and URL-parrten.Because I run
the tomcat in my computer with ME system.
Hocwhat is the problem? please be more specific and detailed? check a sample web.xml file and make your own one and place it in your <application-context>\WEB-INF folder..
Maybe you are looking for
-
How do I move audio files from song list?
I have some audio MP3 files in iTunes, but they show up under the Songs List. Can I move them so they don't show up in the Music songs list, e.g. move them to podcasts?
-
How will I download from MBP 17'' 2006 to MB Air 2012?
I was planning to buy a MacBook Air in the New Year but wonder how I will connect my MBP and whether all my MBP accesories will be obsolete. Is there an adapter that will connect from a firewire 800 to Thunderbolt? I have an iPad 2 and an Air printer
-
Bootcamp Question: External HD
First off, my hats off to the Mac community. I'm a recent convert from PC to Mac. Here is what I want to do, and tell me if its possible. I want to use Bootcamp to get Windows XP on my computer in order to run alot of the windows software that I cant
-
Change /etc/acpi/handler.sh to a different language
I have acpid running on my system. I don't like shell scripting so I translated handler.sh's functionality into a ruby script which works fine and which I personally happen to find easier to maintain. Anyhow, the question I have is, is it possible to
-
Storing data with no real key.
Hello, I'm trying to optimize our storage backend once more. We currently am able to switch between a simple RandomAccessFile and a BerkeleyDB backend. However I think we don't need a B-tree or something. I'm working on a treebased storage system and