xml - Java EE Web Security -
i have login page (welcome-page.jsp
) checks if user exists in database. if password has provided correct , if type correct, redirected on page. want add security in sending data. i'm new ... here login form
<form method="post" action="authentification"> username: <input type="text" name="username" /> password: <input type="password" name="password" /><br/><br/> log as: <select name="type"> <option value="manager">manager</option> <option value="employee">employee</option> </select> <input type="submit"value="login"/> </form>
and here web.xml (as far understood here's place add security sending data forms). possible add security without creating tomcat users , user-roles? i'm using tomcat 7
<web-resource-collection> <web-resource-name>/welcome-page.jsp</web-resource-name> <url-pattern>/authentification</url-pattern> <http-method>post</http-method> </web-resource-collection> <user-data-constraint> <transport-guarantee>confidential</transport-guarantee> </user-data-constraint>
<auth-method>form</auth-method> <form-login-config> <form-login-page>/welcome-page.jsp</form-login-page> <form-error-page>/authentification-failed.jsp</form-error-page> </form-login-config>
tomcat can configured use (username/password or ssl client certificate) authentication , role-based authorization. if want different roles, yes, have create roles. if using single role users, can use "*" role.
what missing in web.xml
<security-constraint>
elements. have @ servlet spec documentation how write security-constraint.
Comments
Post a Comment