xml - Java EE Web Security -


i have login page (welcome-page.jsp) checks if user exists in database. if password has provided correct , if type correct, redirected on page. want add security in sending data. i'm new ... here login form

<form method="post" action="authentification">         username: <input type="text" name="username" />         password: <input type="password" name="password" /><br/><br/>         log as:             <select name="type">                 <option value="manager">manager</option>                 <option value="employee">employee</option>             </select>         <input type="submit"value="login"/>     </form> 

and here web.xml (as far understood here's place add security sending data forms). possible add security without creating tomcat users , user-roles? i'm using tomcat 7

<web-resource-collection>     <web-resource-name>/welcome-page.jsp</web-resource-name>     <url-pattern>/authentification</url-pattern>     <http-method>post</http-method> </web-resource-collection>  <user-data-constraint>     <transport-guarantee>confidential</transport-guarantee> </user-data-constraint> 

   <auth-method>form</auth-method> <form-login-config>     <form-login-page>/welcome-page.jsp</form-login-page>     <form-error-page>/authentification-failed.jsp</form-error-page> </form-login-config> 

tomcat can configured use (username/password or ssl client certificate) authentication , role-based authorization. if want different roles, yes, have create roles. if using single role users, can use "*" role.

what missing in web.xml <security-constraint> elements. have @ servlet spec documentation how write security-constraint.


Comments

Popular posts from this blog

qt - Using float or double for own QML classes -

Create Outlook appointment via C# .Net -

ios - Swift Array Resetting Itself -