SJSC2u1 JSP accessing web.xml session-config session-timeout
What is the best way of accessing web.xml session-config session-timeout from JSP page ?
I wish to have this on the JSP page and also have it count down automatically.
I did this by creating a propery in the session bean and then used javascript to count it down.
Is there a better way ? Simpler Way ?
/Roger
What is the best way of accessing web.xml session-config session-timeout from JSP page ?
I wish to have this on the JSP page and also have it count down automatically.
I did this by creating a propery in the session bean and then used javascript to count it down.
Is there a better way ? Simpler Way ?
/Roger
Similar Messages
-
How can JSP access web.xml
I have a JSP application that requires properties that are kept in a text file, which I am currently reading from. I would like to move these properties in the web.xml file and read them from there.
I know how to read properties for a servlet from web.xml, however I do not know how to do this for a JSP. Can someone advise me?
Thanks
MatthewI'm not exactly sure what you are looking for, but if it's something you can do from a servlet, then you can do it from a JSP the same way. Remember, JSPs are compiled into servlets anyway. Just use the implicit objects (HttpServletRequest request, ServletContext application, etc)
-
Sun-web.xml memory based sessioning issue
I recently installed Sun WebServer 7.0 Update 8 on Fedora 20. Everything seems to be working fine with my webserver except for the memory based sessioning.
My First Configuration - no sun-web.xml file defined
Expected Behavior - I would assume that memory based sessioning would be used.
Actual Behavior on my local instance - Every 1-2 minutes my session would abruptly end and a new JSESSIONID would be issued. This does not happen on other machines running the same webapp, so it does seem to be a sun webserver configuration problem.
My Second Configuration - using the following sun-web.xml file:
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 8.1 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app>
<session-config>
<session-manager persistence-type="memory">
<manager-properties>
<property name="reapIntervalSeconds" value="20000" />
</manager-properties>
</session-manager>
</session-config>
</sun-web-app>
Expected Behavior - Memory based sessioning would be used
Actual Behavior on my local instance - Same as with no sun-web.xml. Every 1-2 minutes my session would abruptly end and a new JSESSIONID would be issued.
Does anyone see what is wrong with my sun-web.xml file? I'm also not sure if the file permissions/ownerships are correct on all of my sun webserver files. Is there a particular temp file or location that Sun Webserver uses to track active sessions? Or are in-memory sessions completely stored in memory and not on disk? Is there a default sun-web.xml file somewhere that is overriding my settings (and if so, where is it located)?
Thanks for your help!Hi,
Firstly you should know Fedora is not a support platform. it might work but you could run into a load of issues as your go.
in any case you don't need a sun-web.xml file at all. For any deployed Web app the default session manager is memory. So remove that 1st. After that check that
the requests are really sending a JSESSIONID. This kind of issue can occur when you have a Load balancer.
regards,
Russell -
How to map jsp in web.xml
Hi,
CAn anybody tell me that how to map .jsp in web.xml
thanx
vjoySame as servlets, except that you specify jsp-file in place of servlet-class - see below
<servlet>
<servlet-name>MyJspServlet</servlet-name>
<jsp-file>/jspServlet.jsp</jsp-file>
</servlet>
<servlet-mapping>
<servlet-name>MyJspServlet</servlet-name>
<url-pattern>/myJspServlet</url-pattern>
</servlet-mapping>cheers,
ram. -
Changing the directory Structure of Jsp and web.xml files
Hi,
I am using the JDeveloper 11g preview. Can any one tell me how to change the Jsp and web.xml files ( not in WEB-INF directory of the application) to another directory.
Thanks in Advance
GopalHi Frank,
Is it possible for me to change the folder structure which JDeveloper is providing for web project?
By default JDeveloper is giving the following folder structure.
In the project's root folder there is a public_html and src folder along with .jpr file.
In public_html folder thre is an WEB-INF folder and a jsp file
In WEB-INF folder there is an classes folder along with web.xml file.
I need to have the following folder structure :
The WEB-INF folder should be in root folder of project not in public_html folder
src folder must be in WEB-INF folder.
Thanks in Advance
Anil Golla -
Web.xml - adjusting the session configuration
I recently applied SP07 for NW7.01 to one of our portals, and since doing this I can not find where to make adjustments for the session timeout. It used to be defined in the web.xml, does anyone know where it was moved to?
I used to go here:
/usr/sap/<SID>/JC##/j2ee/cluster/server0/apps/sap.com/irj/servlet_jsp/irj/root/web-inf/web.xml and adjust the default of 30 as necessary. Where is this value found now?
I can also make the adjustment from the visual administrator under web container> properties> Session Timeout and this requries a restart of the web container service.
From SAP HELP:
Specifying HTTP Session Timeout
You can specify a timeout period for HTTP sessions created in your Web application. If the session is inactive for this timeout period, it is invalidated by the Web container.
If you do not specify such a timeout explicitly, a default one of 30 minutes is assumed.
You can configure the HTTP session timeout using the web.xml descriptor.
Procedure
On the web.xml screen, proceed as follows:
1. Open the General screen.
2. To specify the timeout period, enter a value in the Session configuration u2013 Session timeout field.
The value is specified in minutes. If you enter a negative value in this field, HTTP sessions are never terminated because of a timeout. Instead, only an explicit logout by the user will terminate the corresponding session.Hello David.
The help article is about custom development using NWDS. For adjusting session timeout system wide refer to Re: Portal session time out is 30 minutes.
Best regards,
Aliaksandr Zhukau -
Weblogic 10 jaas and login.jsp and web.xml/weblogic.xml security constaints
Hello,
I struggled through and got the examples.security.jaas.SampleCallbackHandler.java and examples.common.utils.ExampleUtils.java/ExampleConstants.java into eclipse where they compile. A bean I made can call SambleCallbackHandler like such:
mybean.logmein(username,password,url). I can then do a mybean.getStatus() or even a mybean.returnCode(). It does seem to correctly identlify that it is authenticating me (I see in stdout logs that it shows success or failures. The problem I have is I do not know how to apply this weblogic and web.xml/weblogic.xml so that if authentication works it redirects me to the page requiring the authentication. In web.xml I have the following set up:
<security-role>
<role-name>Admins</role-name>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>default</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/badlogin.html</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>empower</web-resource-name>
<description>These pages are only accessible by authorized users.</description>
<url-pattern>/admin/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description>These are the roles who have access</description>
<role-name>Administrators</role-name>
</auth-constraint>
<user-data-constraint>
<description>This is how the user data must be transmitted</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
My weblogic.xml has:
<?xml version="1.0" encoding="UTF-8"?>
<wls:weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/90/weblogic-web-app.xsd">
<wls:security-role-assignment>
<wls:role-name>Admins</wls:role-name>
<wls:principal-name>Administrators</wls:principal-name>
<wls:principal-name>dashap</wls:principal-name>
</wls:security-role-assignment>
</wls:weblogic-web-app>
With this set up, if I try to go to a page in /admin folder in my application, it correctly pops up the login page. The jaas in the bean is doing a loginContext.login(), which I thought does authentication too, but it never goes back to the /admin page I was going to that needed the authentication. With jaas, can I not use the web.xml FORM security option? Do I Need to use j_security in the login.jsp's form's action= option and j_username and j_password for the input type names? How do I use j_username/j_password things if I am using jaas? I could just ignore using the web.xml security stuff and put something in the pages that need authentication, but it would be easier if I could use jaas with the security featurs without doing all that. Note that my code above is using a realm called default just because that was what was in the example I got from the web. Does that need to be something else?Hi John,
I would like magic of course. However, in this case I want something special: my authentication provider uses special means and contents of headers, cookies and service from external identity management systems to determine the user's identity.
I do not want the application to present the login dialog! I want to derive the identity and the fact that the user is logged in from whatever the authentication provider returns in terms of Subject.
Ideally, the flow is something like:
- user accesses an unprotected resource - resource is shown, no interaction with authentication provider
- user presses a link or button that takes him/her to a protected resource
- the authentication provider is contacted to work with the identity asserter to establish the identity of the current user and create a subject object for this user
- the application can access the subject and principals
- ADF Security recognizes the identity and the roles (based on the principals) and coordinates access based on this.
the authentication method is client certificate. presumably this prompts WebLogic/OPS to use an identity asserter to work with custom headers and cookies ("... when you configure a web application to use CLIENT-CERT authentication. In this case, WebLogic can perform identity assertion based on values from request headers and cookies. If the header name or cookie name matches the active token type for the provider, the value is passed to the provider."). No login form should be presented to the user, as all information required to perform the authentication is already available.
I am trying to understand what I must do to have the ADF application adopt the subject set by the authentication provider - if anything?!
If you more ideas to share - I would love to hear them.
best regards,
Lucas -
JSP, JavaBean, web.xml - how to fit together?
Servlets should be placed into the web.xml file to be recognized correctly by a application server.
Is this also true for JavaBeans (NOT Enterprise JavaBeans!)? Since I don't call a JavaBean directly but only over tags within a JSP I'm not sure about this. If I have to put it in there, do I use the same syntax?
e.g.:
<servlet>
<servlet-name>exampleBean</servlet-name>
<servlet-class>example.exampleBean</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>exampleBean</servlet-name>
<url-pattern>/exampleBean</url-pattern>
</servlet-mapping>
By using this, the will server know that this Bean has to be deployed?
Since I'm pretty new to this topic I'm grateful about any comment.
Thanks in advance!Hi,
JavaBean are java classes and they must be on the classpath in order to be loaded.
only servlet,jsp,filters,listeners must be declared in the web.xml file. all the java classes can be put under /WEB-INF/lib in order to be loaded by the appserver
hope it helps,
Giovanni -
Critical: Adding session-config to web.xml cause application NOT to start
I added the <session-config> element under <web-app> in web.xml:
<session-config>
<session-timeout>30</session-timeout>
</session-config>
Now the app won't start!
The reason: the built-in sun app server removes context-root attribute from <web-module> element in domain.xml when the app tries to start!
Please fix this ASAP, guys!I placed it in the wrong place. After following the instructions contained in the Technical FAQ (below), it worked.
Add the following element in your web.xml file, placing it after the mapping for the error servlet and before the welcome file list:
<session-config>
<!-- Set global default timeout to 60 minutes -->
<session-timeout> 60 </session-timeout>
</session-config> -
Session timeout = 0 in sip.xml causes app session to expire instantly
Hi
I used 0 as the session timeout value by specifying in sip.xml. According to the JSR, 0 or less value for the session timeout implies session will never expire.
However the session times out as soon as call is executed.
<session-config>
<session-timeout>0</session-timeout>
</session-config>
Thanks
RuchirHi,
A session must always expire eventually - it is impossible to practically reserver resources for a session indefinitely. The general interpretation of a "0" value is not that the session will be maintained indefinitely, but that it will be expired by the container based on the container's management of resources. It it not advisable to attempt to define sessions that will never expire in any case.
BR,
-Mike -
Error 404--Not Found while accessing web app through Weblogic 6.1
Hi everybody,
I am new to Weblogic and recently installed Weblogic6.1
on my machine and I am trying to access my application using weblogic
and it gives
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not Found
I have uploaded the WAR file of my application using the Admin
console. The WAR file is place under
\bea\wlserver6.1\config\mydomain\applications\screen.war.
What am I doing wrong ?
Thanks is advance.
PS: I am also including my web.xml file
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
<session-config>
<session-timeout>-1</session-timeout>
</session-config>
<!-- Action Servlet Configuration -->
<servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<init-param>
<param-name>application</param-name>
<param-value>resources.nmr.ApplicationResources</param-value>
</init-param>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>2</param-value>
</init-param>
<init-param>
<param-name>detail</param-name>
<param-value>2</param-value>
</init-param>
<init-param>
<param-name>validate</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<!-- Action Servlet Mapping -->
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<!-- PDF servlet configuration -->
<servlet>
<servlet-name>pdf</servlet-name>
<servlet-class>com.abbott.gprd.servlets.PdfServlet</servlet-class>
</servlet>
<!-- PDF servlet Mapping -->
<servlet-mapping>
<servlet-name>pdf</servlet-name>
<url-pattern>/pdf</url-pattern>
</servlet-mapping>
<!-- MIME Mapping -->
<mime-mapping>
<extension>mol</extension>
<mime-type>chemical/x-mdl-molfile</mime-type>
</mime-mapping>
<!-- The Welcome File List -->
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<!-- Application Tag Library Descriptor -->
<taglib>
<taglib-uri>/WEB-INF/app.tld</taglib-uri>
<taglib-location>/WEB-INF/app.tld</taglib-location>
</taglib>
<!-- Struts Tag Library Descriptors -->
<taglib>
<taglib-uri>/WEB-INF/struts-bean.tld</taglib-uri>
<taglib-location>/WEB-INF/struts-bean.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>
<taglib-location>/WEB-INF/struts-html.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>/WEB-INF/struts-logic.tld</taglib-uri>
<taglib-location>/WEB-INF/struts-logic.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>/WEB-INF/nmr.tld</taglib-uri>
<taglib-location>/WEB-INF/nmr.tld</taglib-location>
</taglib>
</web-app>
hmm
it all looks ok to me
what happens if you try to access an image or something in your war (ie
something not java related)
also - i have seen on some machines that localhost doesnt work but 127.0.0.1
does work
your app should be trying to access index.jsp which should be in the root
directory of your war
does index.jsp exist and is it in the root directory of your war?
lastly - i noticed you have a startup servlet. Put a system.out in the init
method of the servlet. If the servlet is being deployed OK then you should
see some output in the console
"Ravi" <[email protected]> wrote in message
news:[email protected]...
> I am specifying the same http://localhost:7001/screen and it still
> gives the same error.
>
> Following is part of my cofig.xml where myapp is specified.
>
> <CustomRealm
>
ConfigurationData="user.filter=(&(cn=%u)(objectclass=person));user.dn=ou
=people,
> o=example.com;server.principal=cn=admin,
>
o=example.com;membership.filter=(&(member=%M)(objectclass=groupofuniquen
ames));group.filter=(&(cn=%g)(objectclass=groupofuniquenames));server.ho
st=ldapserver.example.com;server.ssl=true;group.dn=ou=groups,
> o=example.com"
> Name="defaultLDAPRealmForNovellDirectoryServices"
> Notes="This is provided as an example. Before enabling this
> Realm, you must edit the configuration parameters as appropriate for
> your environment."
> Password="{3DES}/4XkW5rmVvBHzFtI9SRK/g=="
> RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>
> <Server ListenPort="7001" Name="myserver" NativeIOEnabled="true"
> TransactionLogFilePrefix="config/mydomain/logs/">
> <Log FileName="config/mydomain/logs/weblogic.log"
> Name="myserver"/>
> <SSL Enabled="true" ListenPort="7002" Name="myserver"
> ServerCertificateChainFileName="config/mydomain/ca.pem"
> ServerCertificateFileName="config/mydomain/democert.pem"
> ServerKeyFileName="config/mydomain/demokey.pem"/>
> <WebServer DefaultWebApp="DefaultWebApp"
> LogFileName="./config/mydomain/logs/access.log"
> LoggingEnabled="true" Name="myserver"/>
> <ServerDebug Name="myserver"/>
> <ExecuteQueue Name="default"/>
> <KernelDebug Name="myserver"/>
> <ServerStart Name="myserver"/>
> </Server>
> <Application Deployed="true" Name="screen"
> Path=".\config\mydomain\applications">
> <WebAppComponent Name="screen" Targets="myserver"
> URI="screen.war"/>
> </Application>
> <SNMPAgent Name="mydomain"/>
> <Realm FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
> <ApplicationManager Name="mydomain"/>
> <JTA Name="mydomain"/>
>
> Thanks in advance.
> Ravi.
>
>
> "Matt Krevs" <[email protected]> wrote in message
news:<[email protected]>...
> > what url are you specifying?
> >
> > i would guess that http://localhost/screen-web would work. Hard to say
> > without also seeing your config.xml
> >
> > The critical item in config.xml is the value of URI in the
webappcomponent
> > element for your application
> >
> > eg if it was
> >
> > <WebAppComponent Name="myapp-web" Targets="myerver" URI="myapp-web"/>
> >
> > then the url you would call is http://localhost/myapp-web
> >
> > "Ravi" <[email protected]> wrote in message
> > news:[email protected]...
> > > Hi everybody,
> > > I am new to Weblogic and recently installed Weblogic6.1
> > > on my machine and I am trying to access my application using weblogic
> > > and it gives
> > >
> > > Error 404--Not Found
> > > From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
> > > 10.4.5 404 Not Found
> > >
> > > I have uploaded the WAR file of my application using the Admin
> > > console. The WAR file is place under
> > > \bea\wlserver6.1\config\mydomain\applications\screen.war.
> > >
> > > What am I doing wrong ?
> > >
> > > Thanks is advance.
> > >
> > > PS: I am also including my web.xml file
> > >
> > > <?xml version="1.0" encoding="ISO-8859-1"?>
> > >
> > > <!DOCTYPE web-app
> > > PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
> > > "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
> > >
> > > <web-app>
> > >
> > > <session-config>
> > > <session-timeout>-1</session-timeout>
> > > </session-config>
> > >
> > > <!-- Action Servlet Configuration -->
> > > <servlet>
> > > <servlet-name>action</servlet-name>
> > >
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
> > > <init-param>
> > > <param-name>application</param-name>
> > > <param-value>resources.nmr.ApplicationResources</param-value>
> > > </init-param>
> > > <init-param>
> > > <param-name>config</param-name>
> > > <param-value>/WEB-INF/struts-config.xml</param-value>
> > > </init-param>
> > > <init-param>
> > > <param-name>debug</param-name>
> > > <param-value>2</param-value>
> > > </init-param>
> > > <init-param>
> > > <param-name>detail</param-name>
> > > <param-value>2</param-value>
> > > </init-param>
> > > <init-param>
> > > <param-name>validate</param-name>
> > > <param-value>true</param-value>
> > > </init-param>
> > > <load-on-startup>2</load-on-startup>
> > >
> > > </servlet>
> > >
> > > <!-- Action Servlet Mapping -->
> > > <servlet-mapping>
> > > <servlet-name>action</servlet-name>
> > > <url-pattern>*.do</url-pattern>
> > > </servlet-mapping>
> > >
> > > <!-- PDF servlet configuration -->
> > > <servlet>
> > > <servlet-name>pdf</servlet-name>
> > >
<servlet-class>com.abbott.gprd.servlets.PdfServlet</servlet-class>
> > > </servlet>
> > >
> > >
> > > <!-- PDF servlet Mapping -->
> > > <servlet-mapping>
> > > <servlet-name>pdf</servlet-name>
> > > <url-pattern>/pdf</url-pattern>
> > > </servlet-mapping>
> > >
> > > <!-- MIME Mapping -->
> > > <mime-mapping>
> > > <extension>mol</extension>
> > > <mime-type>chemical/x-mdl-molfile</mime-type>
> > > </mime-mapping>
> > >
> > >
> > > <!-- The Welcome File List -->
> > > <welcome-file-list>
> > > <welcome-file>index.jsp</welcome-file>
> > > </welcome-file-list>
> > >
> > > <!-- Application Tag Library Descriptor -->
> > > <taglib>
> > > <taglib-uri>/WEB-INF/app.tld</taglib-uri>
> > > <taglib-location>/WEB-INF/app.tld</taglib-location>
> > > </taglib>
> > >
> > > <!-- Struts Tag Library Descriptors -->
> > > <taglib>
> > > <taglib-uri>/WEB-INF/struts-bean.tld</taglib-uri>
> > > <taglib-location>/WEB-INF/struts-bean.tld</taglib-location>
> > > </taglib>
> > >
> > > <taglib>
> > > <taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>
> > > <taglib-location>/WEB-INF/struts-html.tld</taglib-location>
> > > </taglib>
> > >
> > > <taglib>
> > > <taglib-uri>/WEB-INF/struts-logic.tld</taglib-uri>
> > > <taglib-location>/WEB-INF/struts-logic.tld</taglib-location>
> > > </taglib>
> > >
> > > <taglib>
> > > <taglib-uri>/WEB-INF/nmr.tld</taglib-uri>
> > > <taglib-location>/WEB-INF/nmr.tld</taglib-location>
> > > </taglib>
> > >
> > > </web-app>
-
Using security-constraint in web.xml; not recognizing url-pattern tag
I am creating a very simple jsp application within JDeveloper 10.1.3.1. I have 2 jsp files...a readData.jsp and a maintainData.jsp. I would like to deploy this application to Oracle Application Server 10.1.2.2. I would like to use Oracle Internet Directory with Single Sign on enabled. The deployment to OAS works fine. For the security, I would like an administrator user to get to both pages...and a user to only be able to see the readData.jsp. I used the security constraints on the properties of the web.xml file within JDeveloper. Here is my web.xml file:
<?xml version = '1.0' encoding = 'windows-1252'?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<description>Empty web.xml file for Web Application</description>
<session-config>
<session-timeout>35</session-timeout>
</session-config>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>adm_full_access</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>adm_all</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>usr_access</web-resource-name>
<url-pattern>readData.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>usr_all</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>usr_all</role-name>
</security-role>
<security-role>
<role-name>adm_all</role-name>
</security-role>
</web-app>
When I deploy to OAS I added an OID account to the adm_all role...this works fine I can log on as that user and get to both jsps. But, when I add my user to the usr_all role within OAS I try to log on to the app...I then enter my SSO username and password and I get Access Denied errors from my browser when trying to access either page. I am confused about the <url-pattern> tag...is that relative to a directory within my deployment? Most of the examples I have seen use servlets...so I was wondering if I can even use the <url-pattern> tag to restrict/allow access to individual jsps? If someone could point me to some documentation on this set-up I would appreciate it!
Thank you.I was able to get this to work. By doing the following:
<security-constraint>
<web-resource-collection>
<web-resource-name>adm_full_access</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>adm_all</role-name>
</auth-constraint>
</security-constraint>
I was restricting access to all other groups by uisng <url-pattern>*</url-pattern>. Any other security-constraints set-up after that will not work. So saying * requires usr_all will restrict ALL webpages to ONLY adm_all, regardless of what future constraints say. So, my first security-constraints lists all directories or pages that every user can access. My next security-constraint then list resources that only my admins (adm_all) can acess. Any other security constraints then are set-up for each user role that I have...if adm_all should have access to these then the <role-name>adm_all</role-name> is added to each security constraint. -
Welcome File in Web.xml
I am having problems with my web.xml file.
I have my welcome page <welcome-file> as my “home_page.jsp” which I want to be
the default page on start-up. On this page is a link to “log on”. When you click
on this you are taken to my (FORM) “Login.jsp”. After successful logon I want
to go to the “Welcome.jsp”, instead I am returned to my “home_page.jsp”. Which
puts me in a continuous loop. How after successful logon can I be directed to
a page other than the <welcome-file> “home_page.jsp”
My web.xml file looks like this;
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
<welcome-file-list>
<welcome-file>Welcome.jsp</welcome-file>
</welcome-file-list>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>default</realm-name>
<form-login-config>
<form-login-page>/Login.jsp</form-login-page>
<form-error-page>/LoginFailure.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>web-user</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Logged into NOTiFY</web-resource-name>
<url-pattern>/Welcome.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>web-user</role-name>
</auth-constraint>
</security-constraint>
</web-app>
Thanks.
It doesn't quite work that way. You should just direct the user directly to
the Welcome.jsp page. If they're not already logged in, they'll be asked to
log-in via the Login.jsp. The login mechanism knows to redirect them to the
last page they wanted once they successfully log in. I think this is why you
are being returned to the home_page.jsp, since there was no target
restricted page requested.
I have to admit - this mechanism doesn't lend itself to the portal-style
login used on the web. It's geared more towards security and authorization
for access to particular URL resources. You might need to tweak how your GUI
looks to make this mechanism make sense.
Alternatively, you could add some code to the home_page.jsp to redirect the
user to a specific restricted page based on what is in their session. I
would also suggest that the Welcome.jsp and home_page.jsp be the same page
that just behaves differently based upon whether a user is logged in or not.
"Roger Lee" <[email protected]> wrote in message
news:[email protected]...
>
> I am having problems with my web.xml file.
>
> I have my welcome page <welcome-file> as my "home_page.jsp" which I want
to be
> the default page on start-up. On this page is a link to "log on". When you
click
> on this you are taken to my (FORM) "Login.jsp". After successful logon I
want
> to go to the "Welcome.jsp", instead I am returned to my "home_page.jsp".
Which
> puts me in a continuous loop. How after successful logon can I be directed
to
> a page other than the <welcome-file> "home_page.jsp"
>
> My web.xml file looks like this;
>
> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application
2.2//EN"
> "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
>
> <web-app>
>
> <welcome-file-list>
> <welcome-file>Welcome.jsp</welcome-file>
> </welcome-file-list>
>
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>default</realm-name>
> <form-login-config>
> <form-login-page>/Login.jsp</form-login-page>
> <form-error-page>/LoginFailure.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
> <security-role>
> <role-name>web-user</role-name>
> </security-role>
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Logged into NOTiFY</web-resource-name>
> <url-pattern>/Welcome.jsp</url-pattern>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>web-user</role-name>
> </auth-constraint>
> </security-constraint>
>
> </web-app>
>
> Thanks.
>
-
Problem in Web.xml.........
Hi to All,
I installed the eval version of Crystal Reporst XI, created an example report with it and now I want to call my report from JSF Page.i followed the crxi_startup_guide_for_j2ee.i got the error in 'web.xml' file.the error is:
"cvc-complex-type.2.4.a: Invalid content was found starting with element 'env-entry-value'. One of '{"http://java.sun.com/xml/ns/j2ee":env-entry-type}' is expected"
here i shows my entry in web.xml file:
<env-entry>
<env-entry-name>jdbc/mydatabase name</env-entry-name>
<env-entry-value>!com.microsoft.jdbc.sqlserver.SQLServerDriver!jdbc:odbc:mydatabase name</env-entry-value>
<env-entry-type>java.lang.String</env-entry-type>
</env-entry>
im unable to get what was the problem.my environment is Tomcat 5.0.28,SQL2000.
i created that report using ODBC connection.is it correct?suppose if i have to connect using JNDI means how to achive this?
can any one get me out of this please!!
Thanks in Advance,
--RKThis is my web.xml file........
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<env-entry>
<env-entry-name>jdbc/IMDB</env-entry-name>
<env-entry-value>!com.microsoft.jdbc.sqlserver.SQLServerDriver!jdbc:odbc:IMDB</env-entry-value>
<env-entry-type>java.lang.String</env-entry-type>
</env-entry>
<context-param>
<param-name>com.sun.faces.verifyObjects</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.validateXml</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>crystal_image_uri</param-name>
<param-value>crystalreportviewers11</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>
index.jsp
</welcome-file>
</welcome-file-list>
</web-app>
Thnx,
Rk -
How to set two different welcome-file to different servlets in web.xml
Hi friends,
Can some one help with web.xml file
I have to different servlets in applications.
I want to set two different welcome files for my two different
servlets in web.xml
Please, can some one give me sample code to achieve this.
Here web.xml code:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<servlet>
<servlet-name>reports</servlet-name>
<servlet-class>com.caremark.ivr.servlet.IvrReportsServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>reports</servlet-name>
<url-pattern>/reports</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>reportsindex.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>calldetails</servlet-name>
<servlet-class>com.caremark.ivr.servlet.IvrCallDetailsServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>calldetails</servlet-name>
<url-pattern>/calldetails</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>calldetailsindex.jsp</welcome-file>
</welcome-file-list>
</web-app>
I need this fix immediately. Your help will be really appreciated. Thanks in advance.First of all, my understanding is that you need to have a Servlet 2.4 complaint server to do this...Given that, you're supposed to be able to simply specify the Name of the servlet as the welcome-file to get it to work. For example:
Your servlet section:
<servlet>
<servlet-name>Controller</servlet-name>
<servlet-class>com.company.ControllerServlet</servlet-class>
</servlet>Now you would add the following to your welcome file list:
<welcome-file-list>
<welcome-file>Controller</welcome-file>
</welcome-file-list>Note that you use the servlet-name value from the servlet definition, NOT the url-mapping from the servlet-mapping section.
Please note that I cannot verify this as I am running a 2.3 server at home. When I get to work Friday I can test on a 2.4 machine. However this shouldn't take you more than a minute to test.
Note that I did try this on the 2.3 compliant server and it did NOT work (as I expected)...
HTH.
Maybe you are looking for
-
Java.util.MissingResourceException error
Hi experts We have Installed ESS and all models are giving java.util.MissingResourceException error when I click on Language Resource. Please tell me it is problem with language settings, if so how to change the settings. I checked JCo language is se
-
Can apple tv be used to play purchased movies without broadband via airplay
can apple tv be used to play purchased movies from a ipad without broadband via airplay
-
Solaris containers and Fiber connection
Hi guys, I have sucsessfully migrated solaris 8 system to solaris 10 containers. and also mounted some RAID enabled partition on non global zone without any issue. now i need to connect a fiber channel to my host OS (solaris 10) and add the SAN parti
-
All, version: 11g One of my query which uses 'IN' operator in WHERE clause to filter. I used around 30 values inside the IN operator to filter. I'm facing performance issue with this, Is there any alternate to IN operator which improves the performan
-
Choose the true about types of mapping XI supports a. Structure Mapping b. Node mapping c. Value Mapping d. Functional Mapping i guess it supports all of those mappings specified.. iam i right on this??