Hi KolluraniPandian,
In the web.xml file you mention which roles have the privilege to access the
application. According to the given example, only the "staffmember" role has
access. See below.

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>basic secuity test</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>staffmember</role-name>
    </auth-constraint>
  </security-constraint>

In the sun-web.xml file you map the role name to groups and principal names
(users). See below.

The following snippet describes that the security role "staffmember" has been
mapped to a group called "staff" and a principal name called "j2ee". Basically
it says the staffmember role has a concrete user called j2ee and a group called
staff.

  <security-role-mapping>
    <role-name>staffmember</role-name>
    <principal-name>j2ee</principal-name>
    <group-name>staff</group-name>
  </security-role-mapping>

In a nutshell, anyone in the staff group or the concrete user j2ee can access this
application. Even though j2ee is not a member of the staff group, he can access
the application as he is mapped to the staffmember group.

Hope this helps.

Thanks
S



2009/4/15 mak pandian <kolluranipand...@gmail.com>

> Hello,
> I have been doing the Web security lab exercise since yesterday. I have a little
> doubt about it. In that exercise, j2ee is not a user of the group staff. The
> only user of this group is bill. When I run the application, the users bill
> and j2ee have privilege access.
> My doubt is how did j2ee get privilege access with bill.
>
>
> Does anyone know about it? Help me.
>
> One more thing I want is, how can we map roles and principals in the XML file?
>
> Thanks for your aid.
>
> --
> Regards
> KolluraniPandian A
> (Living in Virtual World)
>
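
Added example (not part of the thread and not the lab's own code): a Python check that resolves which users satisfy the auth-constraint and by which mapping, using the two descriptors discussed above. The descriptor strings are constructed, trimmed copies without XML namespaces; the realm table follows the question (bill is the only member of staff), and the user "guest" and the function name `explain_access` are made up for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed copy of the web.xml fragment from the thread.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint>
      <role-name>staffmember</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""

# Constructed copy of the sun-web.xml fragment from the thread.
SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping>
    <role-name>staffmember</role-name>
    <principal-name>j2ee</principal-name>
    <group-name>staff</group-name>
  </security-role-mapping>
</sun-web-app>"""

# Realm data as described in the question; "guest" is an invented control user.
REALM_GROUPS = {"bill": {"staff"}, "j2ee": set(), "guest": set()}


def explain_access(web_xml, sun_web_xml, realm_groups):
    """Return {user: [reason, ...]} for users holding a role the constraint allows."""
    allowed = {r.text.strip() for r in
               ET.fromstring(web_xml).findall(".//auth-constraint/role-name")}
    reasons = {}
    for mapping in ET.fromstring(sun_web_xml).iter("security-role-mapping"):
        role = mapping.findtext("role-name").strip()
        # "*" in an auth-constraint stands for every role defined for the app.
        if "*" not in allowed and role not in allowed:
            continue
        principals = {p.text.strip() for p in mapping.findall("principal-name")}
        groups = {g.text.strip() for g in mapping.findall("group-name")}
        for user, member_of in realm_groups.items():
            if user in principals:  # direct user-to-role mapping
                reasons.setdefault(user, []).append(f"principal-name -> {role}")
            for group in sorted(groups & member_of):  # access via group membership
                reasons.setdefault(user, []).append(f"group {group} -> {role}")
    return reasons


if __name__ == "__main__":
    for user, why in explain_access(WEB_XML, SUN_WEB_XML, REALM_GROUPS).items():
        print(user, why)
```

Run against real descriptors, a principal-name entry that grants a role outside any group shows up as its own reason line, which is the case to look for when reviewing who can reach a protected URL pattern.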