Query string in security constraint in web.xml

Hi All
I want to portect following URL in securit-constraint tag of web.xml
/appmanager/website/portal?_nfpb=true&_pageLabel=myaccount
but when i write :
<security-constraint>
<display-name>FormProtectedPages</display-name>
<web-resource-collection>
<web-resource-name>Constraint-0</web-resource-name>
<url-pattern/appmanager/website/portal?_nfpb=true&_pageLabel=myaccount</url-pattern> //line 1
</web-resource-collection>
<auth-constraint>
     <role-name>MyRole</role-name>
</auth-constraint>
<user-data-constraint>
     <transport-guarantee>NONE</transport-guarantee>
     </user-data-constraint>
</security-constraint>
It gives me error in line 1 that
"the reference to entity "_pagelabel" must end with ";" delimiter."
What could be the reason for this. Cant i portect URLs of this kind in my web.xml?
Any suggestions would be helpful.
Thanks

Shabd wrote:
It gives me error in line 1 that
"the reference to entity "_pagelabel" must end with ";" delimiter."
What gives you an error?

Similar Messages

RE: security-constraint in web.xml of sunone 6.1

Hello again,
Still url-pattern of security-constraint issue in web.xml of sunone 6.1 (SP5).
I am pretty sure this pattern works fine in SunOne 6.0 and SunOne 6.1 SP2,
<security-constraint>
<url-pattern>/app/jws1/*.jsp</url-pattern>
<url-pattern>/app/jws1/*.jnlp</url-pattern>
</security-constraint>
In SunOne 6.0 or SunOne 6.1 SP2, if I have not yet logged in and type in a url matching the above patterns in a browser, I will be asked for username and password. But in SunOne 6.1 SP5, I won't be asked for username and password.

Unfortunately, that's not how <url-pattern> values work. They shouldn't have "worked" in 6.1 SP2. I'm pretty sure they didn't. 6.0 takes a more intuitive, but nonstandard, approach to <url-pattern> wildcards. That nonstandard behaviour was corrected in 6.1.
The Java Servlet Specification 2.3 -- see http://www.jcp.org/aboutJava/communityprocess/final/jsr053/ -- defines the contents of the <url-pattern> as follows:
� A string beginning with a �/� character and ending with a �/*� postfix is used for path mapping.
� A string beginning with a �*.� prefix is used as an extension mapping.
� A string containing only the �/� character indicates the "default" servlet of the application. In this case the servlet path is the request URI minus the context path and the path info is null.
� All other strings are used for exact matches only.
That means that /app/jws1/* will do what you might expect, as will *.jsp, but /app/jws1/*.jsp will only match the exact URI /app/jws1/*.jsp. /app/jws1/*.jsp will not match a URI such as /app/jws1/filename.jsp.
If you can't construct appropriate authorization rules using <url-pattern>, you may wish to a) restructure your web app or b) use Web Server ACLs.

Using security-constraint in web.xml; not recognizing url-pattern tag

I am creating a very simple jsp application within JDeveloper 10.1.3.1. I have 2 jsp files...a readData.jsp and a maintainData.jsp. I would like to deploy this application to Oracle Application Server 10.1.2.2. I would like to use Oracle Internet Directory with Single Sign on enabled. The deployment to OAS works fine. For the security, I would like an administrator user to get to both pages...and a user to only be able to see the readData.jsp. I used the security constraints on the properties of the web.xml file within JDeveloper. Here is my web.xml file:
<?xml version = '1.0' encoding = 'windows-1252'?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<description>Empty web.xml file for Web Application</description>
<session-config>
<session-timeout>35</session-timeout>
</session-config>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>adm_full_access</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>adm_all</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>usr_access</web-resource-name>
<url-pattern>readData.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>usr_all</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>usr_all</role-name>
</security-role>
<security-role>
<role-name>adm_all</role-name>
</security-role>
</web-app>
When I deploy to OAS I added an OID account to the adm_all role...this works fine I can log on as that user and get to both jsps. But, when I add my user to the usr_all role within OAS I try to log on to the app...I then enter my SSO username and password and I get Access Denied errors from my browser when trying to access either page. I am confused about the <url-pattern> tag...is that relative to a directory within my deployment? Most of the examples I have seen use servlets...so I was wondering if I can even use the <url-pattern> tag to restrict/allow access to individual jsps? If someone could point me to some documentation on this set-up I would appreciate it!
Thank you.

I was able to get this to work. By doing the following:
<security-constraint>
<web-resource-collection>
<web-resource-name>adm_full_access</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>adm_all</role-name>
</auth-constraint>
</security-constraint>
I was restricting access to all other groups by uisng <url-pattern>*</url-pattern>. Any other security-constraints set-up after that will not work. So saying * requires usr_all will restrict ALL webpages to ONLY adm_all, regardless of what future constraints say. So, my first security-constraints lists all directories or pages that every user can access. My next security-constraint then list resources that only my admins (adm_all) can acess. Any other security constraints then are set-up for each user role that I have...if adm_all should have access to these then the <role-name>adm_all</role-name> is added to each security constraint.

Security constraint in web.xml

Hi All
I want to set a security contraint to verfity my system user, I know I need to put the following section into the tomcat created web.xml. But I dont know where is the web.xml on my Tomcat 4.1.24, because i found many web.xml files in different directory.
Q1) Sorry I know this is a silly question, but can u tell me which web.xml is the one I need to edit in order to set my the security constraint?
Q2) Instead of editing the created Tomcat web.xml, can I create my own web.xml and put it in <Tomcat_Homw>/webapps/ROOT/WEB-INF. This is just only for the security constraint towards my system.
Many many thanks
Kelvin
<security-constraint>
<web-resource-collection>
<web-resource-name>Administration</web-resource-name>
<url-pattern>/admin</url-pattern>
<url-pattern>/users</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>administrator</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login</form-login-page>
<form-error-page>/login-error</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>administrator</role-name>
</security-role>

you need to do it for every web-app... thats why there is one web.xml file for each! There is a thing in CATALINA_HOME/conf/server.xml that u can uncomment to enable 'single-logon' which means u cna log on once and be authenticated for every web-app...
root isn't a web-app i don't think... so therefore u can't restrict access to it (someone correct me if wrong)... I don't know what u mean by restricting access to your 'system'

Security constraint in Web.xml of tomcat

Hi
I have a web-application running on tomcat . Inside the context folder i have several directories having some pre-defined configuration files . But the user is able to directly access them by typing the path including the fileName in the URL ( I have disabled the listings property however)
How can i prevent accessing the specific files .... I tried using
<security-constraint>
<display-name>Security constarint</display-name>
<web-resource-collection>
<web-resource-name>Java Application</web-resource-name>
<url-pattern>/folder/*</url-pattern>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>OnJava Application</realm-name>
</login-config>
This seems to be working fine , but when the user enters the wrong security info thrice , 401 error page is coming instead i want my custom page . Hence i configured an error page for 401 code which overwrited the earlier behavaiour ie.. that BASIC authentication popup is not coming
Can any one let me know how to go about this

Hi ,
I have tried adding the following into web.xml but the security feature just doesnt work and the user can go to any page without any restriction.
<security-constraint>
<web-resource-collection>
<web-resource-name>Declarative Security Test</web-resource-name>
<url-pattern>/SuperServlet</url-pattern>
<url-pattern>/*</url-pattern>
<http-method>post</http-method>
<http-method>get</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
<auth-constraint>
<role-name>guest</role-name>
<role-name>member</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>guest</role-name>
<role-name>member</role-name>
</security-role>
The roles mentioned above have been added correctly into tomcat-users.xml..The version of tomcat I am using is tomcat5.0.28.Please help.

Form based authentication problem - security constraint in web.xml

Hi ,
I have j_security_check in my login page
<form name="loginForm" id="loginForm" method="post" action="j_security_check">
     <table id="login" align="center" cellspacing="0" cellpadding="0">
               <tr>
                    <td class="label">Name</td>
                    <td class="value"><input id="j_username" name="j_username" value="" type="text" ></td>
               </tr>
               <tr>
                    <td class="label">Password</td>
                    <td class="value"><input name="j_password" type="password"></td>
               </tr>
               <tr>
                    <td colspan="2" class="submit"><input type="submit" name="Submit" value="Log in >>"></td>
               </tr>
     </table>
     </form>
And my web.src consists the following
<security-constraint>
          <web-resource-collection>
               <web-resource-name>EP</web-resource-name>
               <url-pattern>/*</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
</web-resource-collection>
          <auth-constraint>
               <role-name>EP</role-name>
          </auth-constraint>
          <user-data-constraint>
               <transport-guarantee>CONFIDENTIAL</transport-guarantee>
          </user-data-constraint>
     </security-constraint>
<login-config>
          <auth-method>EPULSE</auth-method>
          <realm-name>AuditManager</realm-name>
          <form-login-config>
               <form-login-page>/login.jsp</form-login-page>
               <form-error-page>/error.jsp</form-error-page>
          </form-login-config>
     </login-config>
After I start the tomcat server I can go to the login page, however when I enter the username and password and press enter..
http://localhost:8443/au/j_security_check ...
Can you please advise me whether there is a problem in this?
Manisha

Please read the Servlet specification for details on how to specify url-patterns (see section 11.2). Your "index.*" is not a legal pattern. You can only end in "/*" or "*.foo". See Servlet spec.
If after fixing that you have more questions, please include the actual sequence of requests (and responses), preferably from a network snoop.

Wrong security configuration in web.xml

Hi all
I am developing an application with JDeveloper 10.1.3.3 using ADF-BC/JSF. I have followed the example of SRDemo and my .jspx files are located in two folders : public_html/app and public_html/pricelist/
My application will have two user roles. The administrators who access everything and the users that need to access only the pages located in faces/app and get access denied mesages in all pricelist management pages.
I have used file based security and defined users and roles in jaz-data.xml. I have also verified that the data in that file are correct using the isUserInRole() function.
What I cannot get to work correctly is the security in the web.xml since the way I have it both users and admins are granted full access to the faces/app/pricelist pages.
The security constrains on my web.xml look like this :
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>PricelistData</web-resource-name>
            <description> Price list management pages</description>
            <url-pattern>faces/app/pricelist/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>UserData</web-resource-name>
            <url-pattern>faces/app/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>jazn.com</realm-name>
    </login-config>
    <security-role>
        <role-name>user</role-name>
    </security-role>
    <security-role>
        <role-name>admin</role-name>
    </security-role>Can anyone tell me what am I doing wrong, or suggest anything else I should check ?
Thanassis

Well you're orion-application.xml file looks okay to me, and addition if the isUserInRole is returning proper values, it's hooked up correctly.
(By the way, a useful bean/free piece of code to do just what you're doing is the JSF-Security scope as written by Duncan Mills on Sourceforge)
As such I'd be looking at the security constraints URLs. You haven't by chance changed the url-pattern for the Faces Servlet? The default is this:
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
</servlet-mapping>...and your url-patterns assumes it starts with faces. Note it is correct in your url-patten to not include a forward slash before faces in the security constraint.
Another thing that springs to mind, when you navigate to the protected page through your menu structure, what URL do you see in the browser? Is it the URL of the page you came from, or the URL of the page you navigated to ... and in addition ..... another thing to try is in your browser, rather than navigating through your menu structure, go straight to the URL of the page. Does the login page then show?
The reason I mention this is if you're using the default navigation style in JSF for JDev 10.1.3 (if memory serves me well, it's direct), the Servlet may not actually inforce your protected page navigation as the navigated-to page is never actually served by the Faces servlet to the JEE engine to enforce security. I think I had a b1tch about this issue in the following OTN Re: ER: JSF direct navigation ignores JAZN container based security. Could this be what you're hitting?
As such try changing the navigation type to redirect.
CM.

Need api for changing security role in web.xml !!

My requirement is to change the value of the deployment descriptor "security-role" (in web.xml) through an api and inturn to persist the new value in web.xml. Also I need to know if this change is automatically redeployed or an explicit redeployment is needed ? In that case how do I redeploy using an api call ?
I found a lot of apis related to roles like createRole, removeRole etc.. But there are no apis to change the name of the role and inturn persist in web.xml.
Do I need to provide any more information ? Let me know
Thanks,
Karthick

why and when do you change security-role? try to use ant task (perhaph you need xpath also). itÂ´s the better when you perform task about lifeÂ´s cycle of application.
please, describe your problem.
of course in you change web.xml you must restart the application.

Using query strings in links mysite.verizon web pages

Has anyone had trouble using query strings in links to other web pages your personal web pages? I have a link to another web page where I pass an ID using query string but when I click on the link I get a 404 error even though the web page exists (the link appears fine).

Hello jillibee,
Maybe this link will provide some assistance for you. http://forums.verizon.com/t5/FiOS-Internet/Personal-Website-Access/m-p/277209/highlight/true#M19266
Thanks,
Shamika_Vz
Verizon Support
Notice: Content posted by Verizon employees is meant to be informational and does not supersede or change the Verizon Forums User Guidelines or Terms or Service, or your Customer Agreement Terms and Conditions or Plan.

How do I add a record's primary key to a query string and add that to an .xml catalog?

Hello everyone,
I am using Dreamweaver CS3 on a MacBook Pro Leopard 10.5.6 and MAMP 1.7. I am also teaching myself how to work with PHP and MySQL, using David Powers book The Essential Guide to Dreamweaver CS3.
I am trying to create a wedding photography web site, with a personal page after login, which will display the photographs of the customers wedding.
The same page will also be a catalog/shopping cart, so the customer can choose which photo's they want, and pay for them. (I am aware that there are instructions in The Essential Guide in chapter 15 page 515, on how to redirect to a personal page, but it doesn't fully cover what I am asking).
I have already created the login success page, which greets users by name, as per the instructions in The Essential Guide. I have also created a catalog page. However my catalog page is not calling information from the database, instead it is taking information from an XML page using PHP.
I would like to insert a list menu on the login success page, which lists the customers name, and when they select their name they will then select a link that will take them to a personal page with just their wedding photographs.
I am unsure of how to pass the customer_id, in what will be the username list menu, to the page which will contain the customers set of wedding images.
Is it the same process used in chapter 14 where you add a record's primary key to a query string?
I am asking because when I set up a recordset from the MySQL database it lists the images as witten names not actual images, I have tried calling the images with PHP code but it just doesn't work.
The catalog page I have set up at the moment is not calling the images from the database, but directly from the image folder.
Is what I am trying to do possible?
If so how do I pass the customer_id and username to a recordset and link that recordset to the xml catalog so the customers personal wedding images are displayed on the catalog page for the shopping cart? I need step by step instructions, or maybe a link to a good tutorial.
Can somebody help me please?
Thankyou.

QuickTime 7 can set the poster frame, but I've not had much success with it. This is what QuickTime 7 Help says about this topic:
+A "poster frame" is a still image of a movie that represents the movie in places like the Finder. The default poster frame is the first frame in the movie. You can change the poster frame.+
+To change a movie's poster frame:+
+In QuickTime Player 7, drag the playhead (or use the arrow keys to move the playhead) to the desired frame.+
+Choose View > Set Poster Frame.+
+To view a movie's poster frame, choose View > "Go to Poster Frame."+
If you don't have QuickTime 7 (version 7.6.6) it can be installed from your Snow Leopard disc using a custom install. Otherwise download it from this Apple site: http://support.apple.com/kb/DL923
John

Error creating acl for (resource). I get this error when entering security info in web.xml.

We're using iWS 6.0. Is there some security configuration that needs to be done in order to use standard security directives in our web application's web.xml?
Thanks!

Hi ,
I have tried adding the following into web.xml but the security feature just doesnt work and the user can go to any page without any restriction.
<security-constraint>
<web-resource-collection>
<web-resource-name>Declarative Security Test</web-resource-name>
<url-pattern>/SuperServlet</url-pattern>
<url-pattern>/*</url-pattern>
<http-method>post</http-method>
<http-method>get</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
<auth-constraint>
<role-name>guest</role-name>
<role-name>member</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>guest</role-name>
<role-name>member</role-name>
</security-role>
The roles mentioned above have been added correctly into tomcat-users.xml..The version of tomcat I am using is tomcat5.0.28.Please help.

Set security contstraints in web.xml

what all shl i add to my web.xml to add the security constraints..
i need to make the client cert and authentication

http://edocs.bea.com/wls/docs61/webapp/web_xml.html

Security in my web.xml in Tomcat 4

Hello,
I was using this application on Tomcat 3 and my web.xml worked perfectly well.
However when I tried to start it on Tomcat 4 there is something wrong with the
security part of my web.xml . If I leave out the security constraint for this application, it
works. However if I make my application secure I am unable to view it in the browser.
It does not try to connect to the login.jsp page for log in , but simply displays the message that the page is unavailable and that I have to refresh my browser. Please help me with that because I am stuck.
Here is my web.xml :
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<servlet>
<servlet-name>UploadServlet</servlet-name>
<servlet-class>UploadServlet</servlet-class>
<init-param>
<param-name>SaveDirectory</param-name>
<param-value>C:\Homeworks\</param-value>
</init-param>
<init-param>
<param-name>Proffesors</param-name>
<param-value>Clayton,Douglass,Guruvado</param-value>
</init-param>
</servlet>
<security-constraint>
<display-name>Protected Homework Upload</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
     

     <url-pattern>/servlet/UploadServlet</url-pattern>
     
     <http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
     <http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>

<role-name>student</role-name>
<role-name>proffesor</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
</web-app>
Thank you very much for your time and advise. I appreciate it very much
Martin

hi,slice
I donot really find exactly what is wrong in your config file. But I have some suggestions:
1.Please use servlet URL mapping in "servlet" tag (for example: "/security/upload") instead of using default servlet URL(just like "/servlet/UploadServlet").
2. In the "url-pattern" tag inside "web-resource-name" ,please using "/security/*", if you are using my suggestion above.
3.Make sure that your "login.jsp" page is in the right place of the application's doc-root.
Make a try and good luck!
Wang Yu
Developer Technical Support
Sun Microsystems
http://sun.com/developers/support

Security API on web.xml

hello i'm java junior programmer.
my file web.xml bind the follow tag
<security-constraint>
<web-resource-collection>
<web-resource-name>UIWebSecurity</web-resource-name>
<description></description>
<url-pattern>/</url-pattern>
<http-method>
GET</http-method>
<http-method>
POST</http-method>
</web-resource-collection>
<auth-constraint>
<description>Utente Autenticato</description>
<role-name>UtenteAutenticato</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>OpenWAY</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
bat a i got a trouble .
after my login in login.html page ,the application required my ather log
thanks for help me

Please read the Servlet specification for details on how to specify url-patterns (see section 11.2). Your "index.*" is not a legal pattern. You can only end in "/*" or "*.foo". See Servlet spec.
If after fixing that you have more questions, please include the actual sequence of requests (and responses), preferably from a network snoop.

Security problem in Web xml??

Hi all,
1)I have webapplication , I want to use form authentication to security it , under my root test , I have login.html, and secure folder ( group of pages),
I have two tables in my sql server , they are users, and user_role, mean time I give every user role member.
2) in my conf/server
I have <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
             driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"
          connectionURL="jdbc:microsoft:sqlserver://localhost:1433"
         connectionName="test" connectionPassword="1234"
              userTable="users" userNameCol="Name" userCredCol="user_pass"
          userRoleTable="user_roles" roleNameCol="role_name" />in my root test, I have web xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<welcome-file-list>
        <welcome-file>Home.html</welcome-file>
</welcome-file-list>
<security-constraint>
          <web-resource-collection>
               <web-resource-name>SecurePages</web-resource-name>
               <description>Security constraint for resources in the secure directory</description>
               <url-pattern>/secure/*</url-pattern>
               <http-method>GET</http-method>
          </web-resource-collection>
           <auth-constraint>
                       <role-name>member</role-name>
                        </auth-constraint>
          <user-data-constraint>
               <description>SSL not required</description>
               <transport-guarantee>NONE</transport-guarantee>
          </user-data-constraint>
     </security-constraint>
         <login-config>
              <auth-method>FORM</auth-method>
              <form-login-config>
                   <form-login-page>/Home.html</form-login-page>
                   <form-error-page>/ErrorLogin.jsp</form-error-page>
              </form-login-config>
         </login-config>
</web-app> if I take away the security <auth-constraint>
<role-name>member</role-name>
</auth-constraint> in my web xml the whole application work fine after login, jump from page to page, action to action. but if I add it , I only can go to one page , every time I click the link it jump back to login page .
What mistake I make??
Best regard.

Hi,
I'm assuming you invoking the JWS from JPD via a service control.
In this case, the serviceControl has setUsername and setPassword method which will allow you to specify the username and password
cheers
Raj

Query string in security constraint in web.xml

Similar Messages

Maybe you are looking for