geronimo-user mailing list archives

From Mark Aufdencamp <>
Subject RE: web.xml and security constraint
Date Tue, 29 May 2007 16:24:49 GMT
A couple of background questions for this one, and I'll see if I can

Have you configured a security realm and do you have a valid login
authentication working?  If not, you might refer to the wiki for
background on these.  We can also help you through that part.  Once
that's going, you'll have validated users and groups that are defined.
I use a JDBC security realm with a users and groups table that can be
modified via JDBC to add/remove users and groups.

The <auth-constraint><role-name> for access will need to be defined in your
web.xml.  This matches up against the <security><role-mappings><role> in
the geronimo-web.xml.  The <principal name="??"> attribute matches up
against the roles in your security realm roles to identify users who
have that role.  You'll probably want to define a <default-principal>
in the geronimo-web.xml as well.

Send some more info and we'll see if we can get you there :)

Mark Aufdencamp

> -------- Original Message --------
> Subject: web.xml and security constraint
> From: "Don Hill" <>
> Date: Tue, May 29, 2007 12:00 pm
> To:
> Hi,
> I have the following resource protected in the web.xml. How can I
> define a geronimo-web.xml/security..... to match this so that the
> deployment works?
>   <security-constraint>
>         <!-- This security constraint illustrates how JSP pages
> with JavaServer Faces components can be protected from
> being accessed without going through the Faces Servlet.
> The security constraint ensures that the Faces Servlet will
> be used or the pages will not be processed. -->
>         <display-name>Restrict access to JSP pages</display-name>
>         <web-resource-collection>
>             <web-resource-name>
>                 Restrict access to JSP pages
>             </web-resource-name>
>             <url-pattern>/greeting.jsp</url-pattern>
>             <url-pattern>/response.jsp</url-pattern>
>         </web-resource-collection>
>         <auth-constraint>
>             <description>
>                 With no roles defined, no access granted
>             </description>
>         </auth-constraint>
>     </security-constraint>
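
A consistency check for the matching described in the reply (web.xml `<role-name>` against the `<role>` entries under `<security><role-mappings>` in geronimo-web.xml), as an added example that is not part of the original thread or of Geronimo's tooling. Both descriptors below are constructed and simplified (no namespaces or principal classes); the `role-name` attribute on `<role>`, the `/admin/*` and `/reports/*` constraints, and the role and principal names are assumptions.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Drop the XML namespace so the check is independent of descriptor version."""
    return tag.rsplit("}", 1)[-1]

def find_all(root, name):
    return [el for el in root.iter() if local(el.tag) == name]

def check_role_mappings(web_xml, geronimo_web_xml):
    web = ET.fromstring(web_xml.strip())
    plan = ET.fromstring(geronimo_web_xml.strip())
    # Roles the plan maps: <security><role-mappings><role role-name="..."> (assumed attribute)
    mapped = {}
    for mappings in find_all(plan, "role-mappings"):
        for role in find_all(mappings, "role"):
            mapped[role.get("role-name")] = [p.get("name") for p in find_all(role, "principal")]
    report = {"deny_all": [], "unmapped": [], "no_principals": []}
    for sc in find_all(web, "security-constraint"):
        patterns = [(u.text or "").strip() for u in find_all(sc, "url-pattern")]
        for ac in find_all(sc, "auth-constraint"):
            roles = [(r.text or "").strip() for r in find_all(ac, "role-name")]
            if not roles:
                # An <auth-constraint> with no roles grants access to nobody.
                report["deny_all"].extend(patterns)
            for r in roles:
                if r not in mapped:
                    report["unmapped"].append(r)       # role has no mapping in the plan
                elif not mapped[r]:
                    report["no_principals"].append(r)  # mapping exists but names no principal
    return report

# Constructed sample: the first constraint mirrors the one quoted in the thread.
WEB_XML = """
<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/greeting.jsp</url-pattern>
      <url-pattern>/response.jsp</url-pattern></web-resource-collection>
    <auth-constraint><description>no roles</description></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/reports/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>auditor</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
GERONIMO_WEB_XML = """
<web-app><security><role-mappings>
  <role role-name="admin"><principal name="administrators"/></role>
</role-mappings></security></web-app>"""
```

Running `check_role_mappings(WEB_XML, GERONIMO_WEB_XML)` on the sample lists the two JSP patterns as deny-all and `auditor` as a role the plan does not map.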
