Security problem in Web xml??

Hi all,
1)I have webapplication , I want to use form authentication to security it , under my root test , I have login.html, and secure folder ( group of pages),
I have two tables in my sql server , they are users, and user_role, mean time I give every user role member.
2) in my conf/server
I have <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
             driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"
          connectionURL="jdbc:microsoft:sqlserver://localhost:1433"
         connectionName="test" connectionPassword="1234"
              userTable="users" userNameCol="Name" userCredCol="user_pass"
          userRoleTable="user_roles" roleNameCol="role_name" />in my root test, I have web xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<welcome-file-list>
        <welcome-file>Home.html</welcome-file>
</welcome-file-list>
<security-constraint>
          <web-resource-collection>
               <web-resource-name>SecurePages</web-resource-name>
               <description>Security constraint for resources in the secure directory</description>
               <url-pattern>/secure/*</url-pattern>
               <http-method>GET</http-method>
          </web-resource-collection>
           <auth-constraint>
                       <role-name>member</role-name>
                        </auth-constraint>
          <user-data-constraint>
               <description>SSL not required</description>
               <transport-guarantee>NONE</transport-guarantee>
          </user-data-constraint>
     </security-constraint>
         <login-config>
              <auth-method>FORM</auth-method>
              <form-login-config>
                   <form-login-page>/Home.html</form-login-page>
                   <form-error-page>/ErrorLogin.jsp</form-error-page>
              </form-login-config>
         </login-config>
</web-app> if I take away the security <auth-constraint>
<role-name>member</role-name>
</auth-constraint> in my web xml the whole application work fine after login, jump from page to page, action to action. but if I add it , I only can go to one page , every time I click the link it jump back to login page .
What mistake I make??
Best regard.

Hi,
I'm assuming you invoking the JWS from JPD via a service control.
In this case, the serviceControl has setUsername and setPassword method which will allow you to specify the username and password
cheers
Raj

Similar Messages

Need api for changing security role in web.xml !!

My requirement is to change the value of the deployment descriptor "security-role" (in web.xml) through an api and inturn to persist the new value in web.xml. Also I need to know if this change is automatically redeployed or an explicit redeployment is needed ? In that case how do I redeploy using an api call ?
I found a lot of apis related to roles like createRole, removeRole etc.. But there are no apis to change the name of the role and inturn persist in web.xml.
Do I need to provide any more information ? Let me know
Thanks,
Karthick

why and when do you change security-role? try to use ant task (perhaph you need xpath also). itÂ´s the better when you perform task about lifeÂ´s cycle of application.
please, describe your problem.
of course in you change web.xml you must restart the application.

Wrong security configuration in web.xml

Hi all
I am developing an application with JDeveloper 10.1.3.3 using ADF-BC/JSF. I have followed the example of SRDemo and my .jspx files are located in two folders : public_html/app and public_html/pricelist/
My application will have two user roles. The administrators who access everything and the users that need to access only the pages located in faces/app and get access denied mesages in all pricelist management pages.
I have used file based security and defined users and roles in jaz-data.xml. I have also verified that the data in that file are correct using the isUserInRole() function.
What I cannot get to work correctly is the security in the web.xml since the way I have it both users and admins are granted full access to the faces/app/pricelist pages.
The security constrains on my web.xml look like this :
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>PricelistData</web-resource-name>
            <description> Price list management pages</description>
            <url-pattern>faces/app/pricelist/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>UserData</web-resource-name>
            <url-pattern>faces/app/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>jazn.com</realm-name>
    </login-config>
    <security-role>
        <role-name>user</role-name>
    </security-role>
    <security-role>
        <role-name>admin</role-name>
    </security-role>Can anyone tell me what am I doing wrong, or suggest anything else I should check ?
Thanassis

Well you're orion-application.xml file looks okay to me, and addition if the isUserInRole is returning proper values, it's hooked up correctly.
(By the way, a useful bean/free piece of code to do just what you're doing is the JSF-Security scope as written by Duncan Mills on Sourceforge)
As such I'd be looking at the security constraints URLs. You haven't by chance changed the url-pattern for the Faces Servlet? The default is this:
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
</servlet-mapping>...and your url-patterns assumes it starts with faces. Note it is correct in your url-patten to not include a forward slash before faces in the security constraint.
Another thing that springs to mind, when you navigate to the protected page through your menu structure, what URL do you see in the browser? Is it the URL of the page you came from, or the URL of the page you navigated to ... and in addition ..... another thing to try is in your browser, rather than navigating through your menu structure, go straight to the URL of the page. Does the login page then show?
The reason I mention this is if you're using the default navigation style in JSF for JDev 10.1.3 (if memory serves me well, it's direct), the Servlet may not actually inforce your protected page navigation as the navigated-to page is never actually served by the Faces servlet to the JEE engine to enforce security. I think I had a b1tch about this issue in the following OTN Re: ER: JSF direct navigation ignores JAZN container based security. Could this be what you're hitting?
As such try changing the navigation type to redirect.
CM.

Problem with web.xml

Hello,
I have a big problem with web.xml.
i can run the servlet demos with the default web.xml, but when i try to user a costum web.xml files, i receive a 404 page not found on a link.
i have some dificulty to post here. but can somebody help my with my web.xml files?
thanks for your help.
have a nice day!

Be careful with the place of your files and folders. It's possible that you've just mentioned the cause of your problem.
My web.xml is
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<display-name>gco</display-name>
<description>gco webapplicaties</description>
<servlet>
<servlet-name>MopoController</servlet-name>
<servlet-class>org.gertcuppens.controller.MopoController</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>MopoController</servlet-name>
<url-pattern>/MOPO</url-pattern>
</servlet-mapping>
</web-app>
When I want to call my web application locally, I use the URL http://localhost:8080/gco/MOPO.
The http://localhost:8080 calls Tomcat. With /gco, Tomcat knows it should look for a folder gco inside the webapps folder. This one should contain a WEB-INF/web.xml folder for further instructions.
With /MOPO Tomcat knows, having read the web.xml files of all webapps folders at start, it should look for a servlet with the name MopoController. And this MopoController points to the class org.gertcuppens.controller.MopoController. So, Tomcat knows where to find everything.
Try to see whether your Tomcat can find everything inside the folders using your web.xml file.

Problem with web.xml, while migratig application from JBOSS 5.0 to JBOSS5.1

Hi ,
Earlier my application was running fine on JBOSS 5.0 .
In that web.xml was like
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_4.xsd"
     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_4.xsd"
     id="WebApp_ID" version="2.4">
     <servlet>
          <servlet-name>action</servlet-name>
          <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
          <init-param>
               <param-name>config</param-name>
               <param-value>/WEB-INF/struts-config.xml</param-value>
          </init-param>
          <load-on-startup>1</load-on-startup>
     </servlet>
     
     <servlet>
          <servlet-name>perfMonCollector</servlet-name>
          <servlet-class>com.dbag.optimise.performancemonitor.timer.PerfMonitorCollector</servlet-class>
          <load-on-startup>4</load-on-startup>
          <init-param>
               <param-name>cronExpr</param-name>
               <param-value>0 0 0 */1 * ?</param-value>
               
          </init-param>
     </servlet>
     <servlet>
          <servlet-name>TransAnalysisCollector</servlet-name>
          <servlet-class>com.dbag.optimise.performancemonitor.timer.TransAnalysisCollector</servlet-class>
          <load-on-startup>3</load-on-startup>
          <init-param>
               <param-name>cronExprTransAnalysis</param-name>
               <param-value>*/30 * * * * ?</param-value>
          </init-param>
     </servlet>
     
     
     <servlet>
          <servlet-name>perfMonGenerator</servlet-name>
          <servlet-class>com.dbag.optimise.performancemonitor.timer.PerfMonPointsGenerator</servlet-class>
          <load-on-startup>2</load-on-startup>
     </servlet>
     
     
     <servlet-mapping>
          <servlet-name>action</servlet-name>
          <url-pattern>*.do</url-pattern>
     </servlet-mapping>
     
     <welcome-file-list>
          <welcome-file>jsp/index.jsp</welcome-file>
     </welcome-file-list>
But now i have deployed my application on JBOSS 5.1 GA version.
Now its giving exception.
Caused by:
org.xml.sax.SAXException: cvc-complex-type.2.4.a: Invalid content was found starting with element 'init-param'. One of '{"http://java.sun.com/xml/ns/javaee":run-as, "http://java.sun.com/xml/ns/javaee":security-role-ref}' is expected. @ vfsfile:/local/dubeavi/jboss-5.1.0.GA/server/default/deploy/PerformanceMonitoringISE-1.0/WEB-INF/web.xml[28,15]
at org.jboss.xb.binding.parser.sax.SaxJBossXBParser$MetaDataErrorHandler.error(SaxJBossXBParser.java:426)
at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.reportSchemaError(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.startElement(Unknown Source)
at org.apache.xerces.xinclude.XIncludeHandler.startElement(Unknown Source)
at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
at org.jboss.xb.binding.parser.sax.SaxJBossXBParser.parse(SaxJBossXBParser.java:199)
... 41 more

My new web.xml is like..
<web-app
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
     xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
     id="WebApp_ID"
     version="2.5">
     <servlet>
          <servlet-name>action</servlet-name>
          <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
          <init-param>
               <param-name>config</param-name>
               <param-value>/WEB-INF/struts-config.xml</param-value>
          </init-param>
          <load-on-startup>1</load-on-startup>
     </servlet>

Problem in web.xml file with weblogic server 8.1

Hi frnds,
I was deployed one Enterprise Application,it deploys successfully. But in server side thows Exeception in web.xml file.
Here the actual Exception
<HTTP> <BEA-101248> <[Application:
'G:\bea\user_projects\domains\mydomain\myserver\upload\jasmine.ear', Module: 'Ja
smine']: Deployment descriptor "web.xml" is malformed. Check against the DTD: or
g.xml.sax.SAXParseException: The content of element type "web-app" must match "(
icon?,display-name?,description?,distributable?,context-param*,filter*,filter-ma
pping*,listener*,servlet*,servlet-mapping*,session-config?,mime-mapping*,welcome
-file-list?,error-page*,taglib*,resource-env-ref*,resource-ref*,security-constra
int*,login-config?,security-role*,env-entry*,ejb-ref*,ejb-local-ref*)". (line 61
, column 11).>
My web.xml file as follws....
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.4//EN"
"http://java.sun.com/dtd/web-app_2_4.dtd">
<web-app>
<display-name>Jasmine Applications</display-name>
<description>
Jasmine Applications
</description>
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>examples.LoginServlet</servlet-class>
<init-param>
<param-name>java.naming.factory.initial</param-name>
<param-value>weblogic.jndi.WLInitialContextFactory</param-value>
</init-param>
<init-param>
<param-name>java.naming.provider.url</param-name>
<param-value>t3://localhost:7001</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>ShowQuoteServlet</servlet-name>
<servlet-class>examples.ShowQuoteServlet</servlet-class>
<init-param>
<param-name>java.naming.factory.initial</param-name>
<param-value>weblogic.jndi.WLInitialContextFactory</param-value>
</init-param>
<init-param>
<param-name>java.naming.provider.url</param-name>
<param-value>t3://localhost:7001</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>CatalogServlet</servlet-name>
<servlet-class>examples.CatalogServlet</servlet-class>
<init-param>
<param-name>java.naming.factory.initial</param-name>
<param-value>weblogic.jndi.WLInitialContextFactory</param-value>
</init-param>
<init-param>
<param-name>java.naming.provider.url</param-name>
<param-value>t3://localhost:7001</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/login/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ShowQuoteServlet</servlet-name>
<url-pattern>/showQuote/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>CatalogServlet</servlet-name>
<url-pattern>/catalog/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>My secure resources</web-resource-name>
<description>Resources to be placed under security control.</description>
<url-pattern>/private/*</url-pattern>
<url-pattern>/registered/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>guest</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>WebApp</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>

<security-role>
<description>The role allowed to access our content</description>
<role-name>guest</role-name>
</security-role>
</web-app>
pls give me a good solution this exception.. I tried lot..
Thanks in Advance
Regards
Priya

Your DOCTYPE references 2.4, it should be 2.3. WLS 8.1 supports J2EE 1.3 which was servlet 2.3.
Servlet 2.4 is part of J2EE 1.4 and is supported by WLS 9.0/9.1. Also it uses XML Schema not a DTD.
-- Rob
WLS Blog http://dev2dev.bea.com/blog/rwoollen/

Error creating acl for (resource). I get this error when entering security info in web.xml.

We're using iWS 6.0. Is there some security configuration that needs to be done in order to use standard security directives in our web application's web.xml?
Thanks!

Hi ,
I have tried adding the following into web.xml but the security feature just doesnt work and the user can go to any page without any restriction.
<security-constraint>
<web-resource-collection>
<web-resource-name>Declarative Security Test</web-resource-name>
<url-pattern>/SuperServlet</url-pattern>
<url-pattern>/*</url-pattern>
<http-method>post</http-method>
<http-method>get</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
<auth-constraint>
<role-name>guest</role-name>
<role-name>member</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>guest</role-name>
<role-name>member</role-name>
</security-role>
The roles mentioned above have been added correctly into tomcat-users.xml..The version of tomcat I am using is tomcat5.0.28.Please help.

Using security-constraint in web.xml; not recognizing url-pattern tag

I am creating a very simple jsp application within JDeveloper 10.1.3.1. I have 2 jsp files...a readData.jsp and a maintainData.jsp. I would like to deploy this application to Oracle Application Server 10.1.2.2. I would like to use Oracle Internet Directory with Single Sign on enabled. The deployment to OAS works fine. For the security, I would like an administrator user to get to both pages...and a user to only be able to see the readData.jsp. I used the security constraints on the properties of the web.xml file within JDeveloper. Here is my web.xml file:
<?xml version = '1.0' encoding = 'windows-1252'?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<description>Empty web.xml file for Web Application</description>
<session-config>
<session-timeout>35</session-timeout>
</session-config>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>adm_full_access</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>adm_all</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>usr_access</web-resource-name>
<url-pattern>readData.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>usr_all</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>usr_all</role-name>
</security-role>
<security-role>
<role-name>adm_all</role-name>
</security-role>
</web-app>
When I deploy to OAS I added an OID account to the adm_all role...this works fine I can log on as that user and get to both jsps. But, when I add my user to the usr_all role within OAS I try to log on to the app...I then enter my SSO username and password and I get Access Denied errors from my browser when trying to access either page. I am confused about the <url-pattern> tag...is that relative to a directory within my deployment? Most of the examples I have seen use servlets...so I was wondering if I can even use the <url-pattern> tag to restrict/allow access to individual jsps? If someone could point me to some documentation on this set-up I would appreciate it!
Thank you.

I was able to get this to work. By doing the following:
<security-constraint>
<web-resource-collection>
<web-resource-name>adm_full_access</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>adm_all</role-name>
</auth-constraint>
</security-constraint>
I was restricting access to all other groups by uisng <url-pattern>*</url-pattern>. Any other security-constraints set-up after that will not work. So saying * requires usr_all will restrict ALL webpages to ONLY adm_all, regardless of what future constraints say. So, my first security-constraints lists all directories or pages that every user can access. My next security-constraint then list resources that only my admins (adm_all) can acess. Any other security constraints then are set-up for each user role that I have...if adm_all should have access to these then the <role-name>adm_all</role-name> is added to each security constraint.

Problem in web.xml -- servletcontext

Pls look at the code and web.xml file for invoking servlet.
index.html
<html>
<head>
<title>Servlet Context Example</title>
</head>
<body>
<form method="get" action="callservlet">
<input type="submit" value="Submit">
</form>
</body>
</html>ServletConExample.java
package com.servletcontext;
import java.io.IOException;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class ServletConExample extends HttpServlet {
     private static final long serialVersionUID = 1L;
     ServletContext con;
     public void init()
          con = getServletContext();
     public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException
          con.setAttribute("logname", "shobhit");
          response.sendRedirect("./com.servletcontext.TestServCon");
}TestServCon.java
package com.servletcontext;
import java.io.IOException;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class TestServCon extends HttpServlet {
     private static final long serialVersionUID = 1L;
     ServletContext con;
     public void init()
          con = getServletContext();
     public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException
          String str = (String)con.getAttribute("logname");
          response.getWriter().println("value of attribute logname is "+str);
}web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
     <servlet>
          <servlet-name>servletcontext</servlet-name>
          <servlet-class>com.servletcontext.ServletConExample</servlet-class>
     </servlet>
     <servlet-mapping>
          <servlet-name>servletcontext</servlet-name>
          <url-pattern>/callservlet</url-pattern>
     </servlet-mapping>
     <Welcome-file-list>
          <Welcome-file>index.html</Welcome-file>
     </Welcome-file-list>
</web-app>Error Page:
HTTP Status 404 - /ServletContext/com.servletcontext.TestServCon
type Status report
message /ServletContext/com.servletcontext.TestServCon
description The requested resource (/ServletContext/com.servletcontext.TestServCon) is not available.
Apache Tomcat/5.5.26 I think problem is in web.xml file. Can any help me to resolve this problem.
Thanks,
Shobhit

You must declare TestServCon.java on web.xml as you did for the first servlet
and in the sendRedirect use the following code :
response.sendRedirect("TestServCon");//   TestServCon is the servlet mapping you declared in web.xml
//or this
response.sendRedirect("./TestServCon");

Problem in Web.xml.........

Hi to All,
I installed the eval version of Crystal Reporst XI, created an example report with it and now I want to call my report from JSF Page.i followed the crxi_startup_guide_for_j2ee.i got the error in 'web.xml' file.the error is:
"cvc-complex-type.2.4.a: Invalid content was found starting with element 'env-entry-value'. One of '{"http://java.sun.com/xml/ns/j2ee":env-entry-type}' is expected"
here i shows my entry in web.xml file:
<env-entry>
<env-entry-name>jdbc/mydatabase name</env-entry-name>
<env-entry-value>!com.microsoft.jdbc.sqlserver.SQLServerDriver!jdbc:odbc:mydatabase name</env-entry-value>
<env-entry-type>java.lang.String</env-entry-type>
</env-entry>
im unable to get what was the problem.my environment is Tomcat 5.0.28,SQL2000.
i created that report using ODBC connection.is it correct?suppose if i have to connect using JNDI means how to achive this?
can any one get me out of this please!!
Thanks in Advance,
--RK

This is my web.xml file........
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<env-entry>
<env-entry-name>jdbc/IMDB</env-entry-name>
<env-entry-value>!com.microsoft.jdbc.sqlserver.SQLServerDriver!jdbc:odbc:IMDB</env-entry-value>
<env-entry-type>java.lang.String</env-entry-type>
</env-entry>
<context-param>
<param-name>com.sun.faces.verifyObjects</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.validateXml</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>crystal_image_uri</param-name>
<param-value>crystalreportviewers11</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>
index.jsp
</welcome-file>
</welcome-file-list>
</web-app>
Thnx,
Rk

How to add another secure url in web.xml?

hello i want to secure my web application i have two kind of users i have users and admin.each of them has each certificat users have permission to enter /users and admin have permission to enter /admins/ but i want also users to enter another folder which is /otheruserplace how can i add this in my web.xml file here is my code
http://pastebin.com/m3e13d3d9

Just add another url-pattern.
This has nothing to do with JSF however. More suitable place would have been the Servlets forum.

Set security contstraints in web.xml

what all shl i add to my web.xml to add the security constraints..
i need to make the client cert and authentication

http://edocs.bea.com/wls/docs61/webapp/web_xml.html

Security in my web.xml in Tomcat 4

Hello,
I was using this application on Tomcat 3 and my web.xml worked perfectly well.
However when I tried to start it on Tomcat 4 there is something wrong with the
security part of my web.xml . If I leave out the security constraint for this application, it
works. However if I make my application secure I am unable to view it in the browser.
It does not try to connect to the login.jsp page for log in , but simply displays the message that the page is unavailable and that I have to refresh my browser. Please help me with that because I am stuck.
Here is my web.xml :
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<servlet>
<servlet-name>UploadServlet</servlet-name>
<servlet-class>UploadServlet</servlet-class>
<init-param>
<param-name>SaveDirectory</param-name>
<param-value>C:\Homeworks\</param-value>
</init-param>
<init-param>
<param-name>Proffesors</param-name>
<param-value>Clayton,Douglass,Guruvado</param-value>
</init-param>
</servlet>
<security-constraint>
<display-name>Protected Homework Upload</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
     

     <url-pattern>/servlet/UploadServlet</url-pattern>
     
     <http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
     <http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>

<role-name>student</role-name>
<role-name>proffesor</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
</web-app>
Thank you very much for your time and advise. I appreciate it very much
Martin

hi,slice
I donot really find exactly what is wrong in your config file. But I have some suggestions:
1.Please use servlet URL mapping in "servlet" tag (for example: "/security/upload") instead of using default servlet URL(just like "/servlet/UploadServlet").
2. In the "url-pattern" tag inside "web-resource-name" ,please using "/security/*", if you are using my suggestion above.
3.Make sure that your "login.jsp" page is in the right place of the application's doc-root.
Make a try and good luck!
Wang Yu
Developer Technical Support
Sun Microsystems
http://sun.com/developers/support

RE: security-constraint in web.xml of sunone 6.1

Hello again,
Still url-pattern of security-constraint issue in web.xml of sunone 6.1 (SP5).
I am pretty sure this pattern works fine in SunOne 6.0 and SunOne 6.1 SP2,
<security-constraint>
<url-pattern>/app/jws1/*.jsp</url-pattern>
<url-pattern>/app/jws1/*.jnlp</url-pattern>
</security-constraint>
In SunOne 6.0 or SunOne 6.1 SP2, if I have not yet logged in and type in a url matching the above patterns in a browser, I will be asked for username and password. But in SunOne 6.1 SP5, I won't be asked for username and password.

Unfortunately, that's not how <url-pattern> values work. They shouldn't have "worked" in 6.1 SP2. I'm pretty sure they didn't. 6.0 takes a more intuitive, but nonstandard, approach to <url-pattern> wildcards. That nonstandard behaviour was corrected in 6.1.
The Java Servlet Specification 2.3 -- see http://www.jcp.org/aboutJava/communityprocess/final/jsr053/ -- defines the contents of the <url-pattern> as follows:
� A string beginning with a �/� character and ending with a �/*� postfix is used for path mapping.
� A string beginning with a �*.� prefix is used as an extension mapping.
� A string containing only the �/� character indicates the "default" servlet of the application. In this case the servlet path is the request URI minus the context path and the path info is null.
� All other strings are used for exact matches only.
That means that /app/jws1/* will do what you might expect, as will *.jsp, but /app/jws1/*.jsp will only match the exact URI /app/jws1/*.jsp. /app/jws1/*.jsp will not match a URI such as /app/jws1/filename.jsp.
If you can't construct appropriate authorization rules using <url-pattern>, you may wish to a) restructure your web app or b) use Web Server ACLs.

Security API on web.xml

hello i'm java junior programmer.
my file web.xml bind the follow tag
<security-constraint>
<web-resource-collection>
<web-resource-name>UIWebSecurity</web-resource-name>
<description></description>
<url-pattern>/</url-pattern>
<http-method>
GET</http-method>
<http-method>
POST</http-method>
</web-resource-collection>
<auth-constraint>
<description>Utente Autenticato</description>
<role-name>UtenteAutenticato</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>OpenWAY</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
bat a i got a trouble .
after my login in login.html page ,the application required my ather log
thanks for help me

Please read the Servlet specification for details on how to specify url-patterns (see section 11.2). Your "index.*" is not a legal pattern. You can only end in "/*" or "*.foo". See Servlet spec.
If after fixing that you have more questions, please include the actual sequence of requests (and responses), preferably from a network snoop.

Security problem in Web xml??

Similar Messages

Maybe you are looking for