RE: security-constraint in web.xml of sunone 6.1

Hello again,
Still url-pattern of security-constraint issue in web.xml of sunone 6.1 (SP5).
I am pretty sure this pattern works fine in SunOne 6.0 and SunOne 6.1 SP2,
<security-constraint>
<url-pattern>/app/jws1/*.jsp</url-pattern>
<url-pattern>/app/jws1/*.jnlp</url-pattern>
</security-constraint>
In SunOne 6.0 or SunOne 6.1 SP2, if I have not yet logged in and type in a url matching the above patterns in a browser, I will be asked for username and password. But in SunOne 6.1 SP5, I won't be asked for username and password.

Unfortunately, that's not how <url-pattern> values work. They shouldn't have "worked" in 6.1 SP2. I'm pretty sure they didn't. 6.0 takes a more intuitive, but nonstandard, approach to <url-pattern> wildcards. That nonstandard behaviour was corrected in 6.1.
The Java Servlet Specification 2.3 -- see http://www.jcp.org/aboutJava/communityprocess/final/jsr053/ -- defines the contents of the <url-pattern> as follows:
• A string beginning with a '/' character and ending with a '/*' postfix is used for path mapping.
• A string beginning with a '*.' prefix is used as an extension mapping.
• A string containing only the '/' character indicates the "default" servlet of the application. In this case the servlet path is the request URI minus the context path and the path info is null.
• All other strings are used for exact matches only.
That means that /app/jws1/* will do what you might expect, as will *.jsp, but /app/jws1/*.jsp will only match the exact URI /app/jws1/*.jsp. /app/jws1/*.jsp will not match a URI such as /app/jws1/filename.jsp.
If you can't construct appropriate authorization rules using <url-pattern>, you may wish to a) restructure your web app or b) use Web Server ACLs.
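
The four rules quoted above can be turned into a check over a deployment descriptor. This is an added example, not part of the original thread or of any server's code. The function names and the sample descriptor are constructed for illustration. Treating '/' as covering every path is an assumption, and the audit goes slightly beyond the post by also flagging patterns with no leading '/'.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor; the patterns are ones quoted on this page.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>jws1</web-resource-name>
      <url-pattern>/app/jws1/*.jsp</url-pattern>
      <url-pattern>/app/jws1/*</url-pattern>
      <url-pattern>*.jnlp</url-pattern>
      <url-pattern>faces/app/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def classify(pattern):
    """Return the mapping type of a <url-pattern> under the four rules above."""
    if pattern.startswith("/") and pattern.endswith("/*"):
        return "path"
    if pattern.startswith("*."):
        return "extension"
    if pattern == "/":
        return "default"
    return "exact"


def matches(pattern, path):
    """True if a context-relative request path is covered by the pattern."""
    kind = classify(pattern)
    if kind == "path":
        prefix = pattern[:-2]                      # "/app/jws1/*" -> "/app/jws1"
        return path == prefix or path.startswith(prefix + "/")
    if kind == "extension":
        last = path.rsplit("/", 1)[-1]             # extension lives in the last segment
        return "." in last and last.rsplit(".", 1)[1] == pattern[2:]
    if kind == "default":
        return True                                # assumption: '/' covers any path
    return path == pattern                         # exact: '*' has no special meaning


def _local(tag):
    """Strip an XML namespace so newer, namespaced descriptors also parse."""
    return tag.rsplit("}", 1)[-1]


def audit_web_xml(xml_text):
    """List (pattern, reason) for constraint patterns that are exact matches
    although they look like wildcards or relative paths."""
    findings = []
    root = ET.fromstring(xml_text)
    for sc in root.iter():
        if _local(sc.tag) != "security-constraint":
            continue
        for el in sc.iter():
            if _local(el.tag) != "url-pattern":
                continue
            pattern = (el.text or "").strip()
            if classify(pattern) != "exact":
                continue
            if not pattern.startswith("/"):
                findings.append((pattern, "no leading '/': cannot equal a request path"))
            elif "*" in pattern:
                findings.append((pattern, "'*' is literal here: exact match only"))
    return findings


if __name__ == "__main__":
    for pattern, reason in audit_web_xml(SAMPLE_WEB_XML):
        print(f"{pattern!r}: {reason}")
    for p in ("/app/jws1/*.jsp", "/app/jws1/*", "*.jsp"):
        print(p, "->", matches(p, "/app/jws1/filename.jsp"))
```

Run against a real web.xml, any finding is a constraint that protects less than its author intended and is worth checking by requesting the page without credentials.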

Similar Messages

  • Using security-constraint in web.xml; not recognizing url-pattern tag

    I am creating a very simple jsp application within JDeveloper 10.1.3.1. I have 2 jsp files...a readData.jsp and a maintainData.jsp. I would like to deploy this application to Oracle Application Server 10.1.2.2. I would like to use Oracle Internet Directory with Single Sign on enabled. The deployment to OAS works fine. For the security, I would like an administrator user to get to both pages...and a user to only be able to see the readData.jsp. I used the security constraints on the properties of the web.xml file within JDeveloper. Here is my web.xml file:
    <?xml version = '1.0' encoding = 'windows-1252'?>
    <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
    <web-app>
    <description>Empty web.xml file for Web Application</description>
    <session-config>
    <session-timeout>35</session-timeout>
    </session-config>
    <mime-mapping>
    <extension>html</extension>
    <mime-type>text/html</mime-type>
    </mime-mapping>
    <mime-mapping>
    <extension>txt</extension>
    <mime-type>text/plain</mime-type>
    </mime-mapping>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>adm_full_access</web-resource-name>
    <url-pattern>*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>adm_all</role-name>
    </auth-constraint>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>usr_access</web-resource-name>
    <url-pattern>readData.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>usr_all</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>BASIC</auth-method>
    </login-config>
    <security-role>
    <role-name>usr_all</role-name>
    </security-role>
    <security-role>
    <role-name>adm_all</role-name>
    </security-role>
    </web-app>
    When I deploy to OAS I added an OID account to the adm_all role...this works fine I can log on as that user and get to both jsps. But, when I add my user to the usr_all role within OAS I try to log on to the app...I then enter my SSO username and password and I get Access Denied errors from my browser when trying to access either page. I am confused about the <url-pattern> tag...is that relative to a directory within my deployment? Most of the examples I have seen use servlets...so I was wondering if I can even use the <url-pattern> tag to restrict/allow access to individual jsps? If someone could point me to some documentation on this set-up I would appreciate it!
    Thank you.

    I was able to get this to work. By doing the following:
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>adm_full_access</web-resource-name>
    <url-pattern>*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>adm_all</role-name>
    </auth-constraint>
    </security-constraint>
    I was restricting access to all other groups by using <url-pattern>*</url-pattern>. Any other security-constraints set up after that will not work. So saying * requires usr_all will restrict ALL webpages to ONLY adm_all, regardless of what future constraints say. So, my first security-constraint lists all directories or pages that every user can access. My next security-constraint then lists resources that only my admins (adm_all) can access. Any other security constraints then are set up for each user role that I have...if adm_all should have access to these then the <role-name>adm_all</role-name> is added to each security constraint.

  • Query string in security constraint in web.xml

    Hi All
    I want to protect the following URL in the security-constraint tag of web.xml
    /appmanager/website/portal?_nfpb=true&_pageLabel=myaccount
    but when i write :
    <security-constraint>
    <display-name>FormProtectedPages</display-name>
    <web-resource-collection>
    <web-resource-name>Constraint-0</web-resource-name>
    <url-pattern>/appmanager/website/portal?_nfpb=true&_pageLabel=myaccount</url-pattern> //line 1
    </web-resource-collection>
    <auth-constraint>
         <role-name>MyRole</role-name>
    </auth-constraint>
    <user-data-constraint>
         <transport-guarantee>NONE</transport-guarantee>
         </user-data-constraint>
    </security-constraint>
    It gives me error in line 1 that
    "the reference to entity "_pagelabel" must end with ";" delimiter."
    What could be the reason for this? Can't I protect URLs of this kind in my web.xml?
    Any suggestions would be helpful.
    Thanks

    Shabd wrote:
    It gives me error in line 1 that
    "the reference to entity "_pagelabel" must end with ";" delimiter."
    What gives you an error?

  • Security constraint in web.xml

    Hi All
    I want to set a security constraint to verify my system user. I know I need to put the following section into the Tomcat-created web.xml, but I don't know where the web.xml is on my Tomcat 4.1.24, because I found many web.xml files in different directories.
    Q1) Sorry, I know this is a silly question, but can u tell me which web.xml is the one I need to edit in order to set the security constraint?
    Q2) Instead of editing the created Tomcat web.xml, can I create my own web.xml and put it in <Tomcat_Home>/webapps/ROOT/WEB-INF? This is only for the security constraint towards my system.
    Many many thanks
    Kelvin
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Administration</web-resource-name>
    <url-pattern>/admin</url-pattern>
    <url-pattern>/users</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>administrator</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/login</form-login-page>
    <form-error-page>/login-error</form-error-page>
    </form-login-config>
    </login-config>
    <security-role>
    <role-name>administrator</role-name>
    </security-role>

    you need to do it for every web-app... that's why there is one web.xml file for each! There is a thing in CATALINA_HOME/conf/server.xml that u can uncomment to enable 'single-logon' which means u can log on once and be authenticated for every web-app...
    root isn't a web-app i don't think... so therefore u can't restrict access to it (someone correct me if wrong)... I don't know what u mean by restricting access to your 'system'

  • Security constraint in Web.xml of tomcat

    Hi
    I have a web-application running on tomcat . Inside the context folder i have several directories having some pre-defined configuration files . But the user is able to directly access them by typing the path including the fileName in the URL ( I have disabled the listings property however)
    How can i prevent accessing the specific files .... I tried using
    <security-constraint>
    <display-name>Security constarint</display-name>
    <web-resource-collection>
    <web-resource-name>Java Application</web-resource-name>
    <url-pattern>/folder/*</url-pattern>
    <auth-constraint>
    <role-name>tomcat</role-name>
    </auth-constraint>
    </web-resource-collection>
    <auth-constraint>
    <role-name>tomcat</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>OnJava Application</realm-name>
    </login-config>
    This seems to be working fine, but when the user enters the wrong security info thrice, the 401 error page is coming; instead I want my custom page. Hence I configured an error page for the 401 code, which overwrote the earlier behaviour, i.e. that BASIC authentication popup is not coming
    Can any one let me know how to go about this

    Hi ,
    I have tried adding the following into web.xml but the security feature just doesn't work and the user can go to any page without any restriction.
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Declarative Security Test</web-resource-name>
    <url-pattern>/SuperServlet</url-pattern>
    <url-pattern>/*</url-pattern>
    <http-method>post</http-method>
    <http-method>get</http-method>
    </web-resource-collection>
    <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
         </user-data-constraint>
    <auth-constraint>
    <role-name>guest</role-name>
    <role-name>member</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>BASIC</auth-method>
    </login-config>
    <security-role>
    <role-name>guest</role-name>
    <role-name>member</role-name>
    </security-role>
    The roles mentioned above have been added correctly into tomcat-users.xml. The version of Tomcat I am using is tomcat5.0.28. Please help.

  • Form based authentication problem - security constraint in web.xml

    Hi ,
    I have j_security_check in my login page
    <form name="loginForm" id="loginForm" method="post" action="j_security_check">
         <table id="login" align="center" cellspacing="0" cellpadding="0">
                   <tr>
                        <td class="label">Name</td>
                        <td class="value"><input id="j_username" name="j_username" value="" type="text" ></td>
                   </tr>
                   <tr>
                        <td class="label">Password</td>
                        <td class="value"><input name="j_password" type="password"></td>
                   </tr>               
                   <tr>
                        <td colspan="2" class="submit"><input type="submit" name="Submit" value="Log in >>"></td>
                   </tr>
         </table>
         </form>
    And my web.src consists the following
    <security-constraint>
              <web-resource-collection>
                   <web-resource-name>EP</web-resource-name>
                   <url-pattern>/*</url-pattern>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
    </web-resource-collection>
              <auth-constraint>
                   <role-name>EP</role-name>
              </auth-constraint>
              <user-data-constraint>
                   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
              </user-data-constraint>
         </security-constraint>
    <login-config>
              <auth-method>EPULSE</auth-method>
              <realm-name>AuditManager</realm-name>
              <form-login-config>
                   <form-login-page>/login.jsp</form-login-page>
                   <form-error-page>/error.jsp</form-error-page>
              </form-login-config>
         </login-config>
    After I start the tomcat server I can go to the login page, however when I enter the username and password and press enter..
    http://localhost:8443/au/j_security_check ...
    Can you please advise me whether there is a problem in this?
    Manisha

    Please read the Servlet specification for details on how to specify url-patterns (see section 11.2). Your "index.*" is not a legal pattern. You can only end in "/*" or "*.foo". See Servlet spec.
    If after fixing that you have more questions, please include the actual sequence of requests (and responses), preferably from a network snoop.

  • Wrong security configuration in web.xml

    Hi all
    I am developing an application with JDeveloper 10.1.3.3 using ADF-BC/JSF. I have followed the example of SRDemo and my .jspx files are located in two folders : public_html/app and public_html/pricelist/
    My application will have two user roles. The administrators who access everything and the users that need to access only the pages located in faces/app and get access denied messages in all pricelist management pages.
    I have used file based security and defined users and roles in jaz-data.xml. I have also verified that the data in that file are correct using the isUserInRole() function.
    What I cannot get to work correctly is the security in the web.xml since the way I have it both users and admins are granted full access to the faces/app/pricelist pages.
    The security constraints in my web.xml look like this :
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>PricelistData</web-resource-name>
                <description> Price list management pages</description>
                <url-pattern>faces/app/pricelist/*</url-pattern>           
            </web-resource-collection>
            <auth-constraint>
                <role-name>admin</role-name>
            </auth-constraint>
        </security-constraint>
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>UserData</web-resource-name>
                <url-pattern>faces/app/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                <role-name>user</role-name>
                <role-name>admin</role-name>
            </auth-constraint>
        </security-constraint>
        <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>jazn.com</realm-name>
        </login-config>
        <security-role>
            <role-name>user</role-name>
        </security-role>
        <security-role>
            <role-name>admin</role-name>
        </security-role>
    Can anyone tell me what am I doing wrong, or suggest anything else I should check ?
    Thanassis

    Well your orion-application.xml file looks okay to me, and in addition if the isUserInRole is returning proper values, it's hooked up correctly.
    (By the way, a useful bean/free piece of code to do just what you're doing is the JSF-Security scope as written by Duncan Mills on Sourceforge)
    As such I'd be looking at the security constraints URLs. You haven't by chance changed the url-pattern for the Faces Servlet? The default is this:
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    ...and your url-patterns assume it starts with faces. Note it is correct in your url-pattern to not include a forward slash before faces in the security constraint.
    Another thing that springs to mind, when you navigate to the protected page through your menu structure, what URL do you see in the browser? Is it the URL of the page you came from, or the URL of the page you navigated to ... and in addition ..... another thing to try is in your browser, rather than navigating through your menu structure, go straight to the URL of the page. Does the login page then show?
    The reason I mention this is if you're using the default navigation style in JSF for JDev 10.1.3 (if memory serves me well, it's direct), the Servlet may not actually enforce your protected page navigation as the navigated-to page is never actually served by the Faces servlet to the JEE engine to enforce security. I think I had a b1tch about this issue in the following OTN Re: ER: JSF direct navigation ignores JAZN container based security. Could this be what you're hitting?
    As such try changing the navigation type to redirect.
    CM.

  • Need api for changing security role in web.xml !!

    My requirement is to change the value of the deployment descriptor "security-role" (in web.xml) through an api and in turn to persist the new value in web.xml. Also I need to know if this change is automatically redeployed or an explicit redeployment is needed ? In that case how do I redeploy using an api call ?
    I found a lot of apis related to roles like createRole, removeRole etc.. But there are no apis to change the name of the role and in turn persist in web.xml.
    Do I need to provide any more information ? Let me know
    Thanks,
    Karthick

    why and when do you change security-role? try to use an ant task (perhaps you need xpath also). it's better when you perform tasks about the life cycle of the application.
    please, describe your problem.
    of course if you change web.xml you must restart the application.

  • Error creating acl for (resource). I get this error when entering security info in web.xml.

    We're using iWS 6.0. Is there some security configuration that needs to be done in order to use standard security directives in our web application's web.xml?
    Thanks!

  • Set security constraints in web.xml

    what all shall i add to my web.xml to add the security constraints..
    i need to make the client cert and authentication

    http://edocs.bea.com/wls/docs61/webapp/web_xml.html

  • Security in my web.xml in Tomcat 4

    Hello,
    I was using this application on Tomcat 3 and my web.xml worked perfectly well.
    However when I tried to start it on Tomcat 4 there is something wrong with the
    security part of my web.xml . If I leave out the security constraint for this application, it
    works. However if I make my application secure I am unable to view it in the browser.
    It does not try to connect to the login.jsp page for log in , but simply displays the message that the page is unavailable and that I have to refresh my browser. Please help me with that because I am stuck.
    Here is my web.xml :
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
    <web-app>
    <servlet>
    <servlet-name>UploadServlet</servlet-name>
    <servlet-class>UploadServlet</servlet-class>
    <init-param>
    <param-name>SaveDirectory</param-name>
    <param-value>C:\Homeworks\</param-value>
    </init-param>
    <init-param>
    <param-name>Proffesors</param-name>
    <param-value>Clayton,Douglass,Guruvado</param-value>
    </init-param>
    </servlet>
    <security-constraint>
    <display-name>Protected Homework Upload</display-name>
    <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
         <!-- Define the context-relative URL(s) to be protected -->
    <!--<url-pattern>/servlet/Upload</url-pattern>-->
         <url-pattern>/servlet/UploadServlet</url-pattern>
         <!-- If you list http methods, only those methods are protected -->
         <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
         <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
    <!-- Anyone with one of the listed roles may access this area -->
    <role-name>student</role-name>
    <role-name>proffesor</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Example Form-Based Authentication Area</realm-name>
    <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
    </login-config>
    </web-app>
    Thank you very much for your time and advise. I appreciate it very much
    Martin

    hi,slice
    I do not really find exactly what is wrong in your config file. But I have some suggestions:
    1.Please use servlet URL mapping in "servlet" tag (for example: "/security/upload") instead of using default servlet URL(just like "/servlet/UploadServlet").
    2. In the "url-pattern" tag inside "web-resource-name", please use "/security/*", if you are using my suggestion above.
    3.Make sure that your "login.jsp" page is in the right place of the application's doc-root.
    Make a try and good luck!
    Wang Yu
    Developer Technical Support
    Sun Microsystems
    http://sun.com/developers/support

  • Security API  on web.xml

    hello i'm java junior programmer.
    my file web.xml bind the follow tag
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>UIWebSecurity</web-resource-name>
    <description></description>
    <url-pattern>/</url-pattern>
    <http-method>
    GET</http-method>
    <http-method>
    POST</http-method>
    </web-resource-collection>
    <auth-constraint>
    <description>Utente Autenticato</description>
    <role-name>UtenteAutenticato</role-name>
    </auth-constraint>
    <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>OpenWAY</realm-name>
    <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
    </login-config>
    but I got a trouble.
    after my login in login.html page, the application required my other log
    thanks for help me

  • Security problem in Web xml??

    Hi all,
    1)I have webapplication , I want to use form authentication to security it , under my root test , I have login.html, and secure folder ( group of pages),
    I have two tables in my sql server , they are users, and user_role, mean time I give every user role member.
    2) in my conf/server
    I have
    <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
                 driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"
              connectionURL="jdbc:microsoft:sqlserver://localhost:1433"
             connectionName="test" connectionPassword="1234"
                  userTable="users" userNameCol="Name" userCredCol="user_pass"
              userRoleTable="user_roles" roleNameCol="role_name" />
    in my root test, I have web xml
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE web-app
         PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
        "http://java.sun.com/dtd/web-app_2_3.dtd">
    <web-app>
    <welcome-file-list>
            <welcome-file>Home.html</welcome-file>          
    </welcome-file-list>
    <security-constraint>
              <web-resource-collection>
                   <web-resource-name>SecurePages</web-resource-name>
                   <description>Security constraint for resources in the secure directory</description>
                   <url-pattern>/secure/*</url-pattern>
                   <http-method>GET</http-method>
              </web-resource-collection>
               <auth-constraint>
                           <role-name>member</role-name>
                            </auth-constraint>
              <user-data-constraint>
                   <description>SSL not required</description>
                   <transport-guarantee>NONE</transport-guarantee>
              </user-data-constraint>
         </security-constraint>
             <login-config>
                  <auth-method>FORM</auth-method>
                  <form-login-config>
                       <form-login-page>/Home.html</form-login-page>
                       <form-error-page>/ErrorLogin.jsp</form-error-page>
                  </form-login-config>
             </login-config>
    </web-app>
    if I take away the security
    <auth-constraint>
    <role-name>member</role-name>
    </auth-constraint>
    in my web xml the whole application work fine after login, jump from page to page, action to action. but if I add it , I only can go to one page , every time I click the link it jump back to login page .
    What mistake I make??
    Best regard.

    Hi,
    I'm assuming you invoking the JWS from JPD via a service control.
    In this case, the serviceControl has setUsername and setPassword method which will allow you to specify the username and password
    cheers
    Raj

  • Setting security constraint for web App

    Hai all!
    I am new to bea and i am trying to set up security constraints for my web application..
    I want user to be authenticated before he access any of the pages in browser..
    All i did was adding following entries to web.xml
    <security-constraint>
              <web-resource-collection>
                   <web-resource-name>
                        webresources
                   </web-resource-name>
                   <url-pattern>
                   </url-pattern>
              </web-resource-collection>           
              <login-config>          
                   <auth-method>
                   BASIC
                   </auth-method>          
              </login-config>
         </security-constraint>
    But no such thing is happening.
    I know i am doing wrong but donno where exactly i am wrong..
    Pls guide me in sequence of steps regarding what to do to accomplish what i want..
    Thanks and Regards
    Manohar

    I guess you need to set the role that is allowed to log into your application.
    try this in web.xml:
         <security-constraint>
              <display-name>Whatever</display-name>
              <web-resource-collection>
                   <web-resource-name>resource</web-resource-name>
                   <description>Desc</description>
                   <url-pattern>/*</url-pattern>
                   <http-method>GET</http-method>
                   <http-method>POST</http-method>
              </web-resource-collection>
              <auth-constraint>
                   <description>desc</description>
                   <role-name>MyRole</role-name>
              </auth-constraint>
                   <user-data-constraint>
                   <transport-guarantee>NONE</transport-guarantee>
              </user-data-constraint>
         </security-constraint>
         <login-config>
              <auth-method>BASIC</auth-method>
         </login-config>
         <security-role>
              <description>desc</description>
              <role-name>MyRole</role-name>
         </security-role>
    and map the role with a group/user in weblogic.xml:
         <security-role-assignment>
              <role-name>MyRole</role-name>
              <principal-name>MyGroupOfUsers</principal-name>
         </security-role-assignment>
    Hope this helps.
    Xavi

  • Issue with Security Constraint in web.xml

    Hi,
    I have a requirement of having only few set of jspx access to a admin user with some role assigned and another set of jspx to all users. I have created one role in OID and assigned it to admin.
    I have defined two security-constraint tags in web.xml for each set of jspx:
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>AllAccess</web-resource-name>
    <url-pattern>/aarlmsUpload.jspx</url-pattern>
    <url-pattern>/aarlmsDownload.jspx</url-pattern>
    <http-method>*</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name></role-name>
    </auth-constraint>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>AdminAccess</web-resource-name>
    <url-pattern>/aarlmsAdminOperations.jspx</url-pattern>
    <url-pattern>/aarlmsProfileOptions.jspx</url-pattern>
    <url-pattern>/aarlmsOidUserMain.jspx</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>developers</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>BASIC</auth-method>
    </login-config>
    <security-role>
    <description>Developer</description>
    <role-name>developers</role-name>
    </security-role>
    with this, jspx are directly getting opened without asking for SSO page. am I making any mistake ? Please let me know.
    Thanks
    Saikrishna

    Your question doesn't appear to be relevant to this forum.
