geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nathan Mittler" <nathan.mitt...@gmail.com>
Subject Re: securing a JSP
Date Sun, 13 Aug 2006 01:39:04 GMT
It seems that my problem was that I was forgetting the servlet mapping for
my JSP.  I added that in and it seems to work just fine.  N00b mistake :)

On 8/12/06, Nathan Mittler <nathan.mittler@gmail.com > wrote:
>
> I have a very simple web app (just a single JSP) and I seem to be unable
> to restrict access to it.  I am fairly new to J2EE so it is entirely
> possible (and likely) that I'm doing something wrong.
>
> Here's the content of my web.xml:
>
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>Protected</web-resource-name>
>           <url-pattern>/SimpleSecureWebApp/*</url-pattern>
>       <http-method>GET</http-method>
>       <http-method>POST</http-method>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>admin</role-name>
>     </auth-constraint>
>   </security-constraint>
>   <login-config>
>     <auth-method>BASIC</auth-method>
>     <realm-name>Ch14Realm</realm-name>
>   </login-config>
>   <security-role>
>     <role-name>admin</role-name>
>   </security-role>
>
> and here's my geronimo-web.xml:
>
>   <context-root>SimpleSecureWebApp</context-root>
>   <security-realm-name>Ch14Realm</security-realm-name>
>   <security>
>     <default-principal>
>       <principal name="normal_users" class="
> org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
>     </default-principal>
>     <role-mappings>
>       <role role-name="admin">
>         <principal name="admin_users" designated-run-as="true" class="
> org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>       </role>
>     </role-mappings>
>    </security>
>
> I had previously deployed an SQL realm named Ch14Realm and had tested the
> logins successfully.
>
> When I go to <geronimo>/SimpleSecureWebApp/index.jsp, I am expecting to be
> prompted for a username and password.  Instead, I am just brought directly
> to my index.jsp page.
>
> Any help would be greatly appreciated!
>
> Thanks,
> Nathan Mittler
>

Mime
View raw message