To secure you web application you need to add the following sequence to the
web.xml file for the web application you want to secure, amended for your
own needs:
security-constraint
web-resource-collection
web-resource-nameIntranet/web-resource-name
url-pattern/*/url-pattern
/web-resource-collection
auth-constraint
role-nameIntranetUser/role-name
/auth-constraint
/security-constraint
login-config
auth-methodBASIC/auth-method
realm-nameUBQT Media Intranet/realm-name
/login-config
The web-resource-collection details the areas and access points of your
application you wish to secure. The web-resource-name *appears* to be just
an identifier for the particular web-resource, but with documentation for
this feature being very thin on the ground it's dificult to say for sure.
The url-pattern tag allows you to specify wildcard filters to determine
which files are to be secured. For example,
url-pattern/*.jsp/url-pattern will only ask for authentication for your
JSP files. You may also add http-method tags to limit authentication to
specific HTTP methods, such as GET or POST. By default all HTTP methods will
be authenticated.
The auth-constraint specifies the authentication constraints on users. For
example, the role-name tags allows you to specify that only users that
members of certain roles have access.
Finally, the login-config group allows you specify the authentication
method (which must be either BASIC or FORM). The realm-name tag allows you
specify the domain/realm name that will appear in the password dialog for
the client.
Hope that was helpful, yours...
--
Ricardo Gladwell
UBQT Media PLC, Windsor
Mobile: (07779) 841 444
-Original Message-
From: Leon Palermo [mailto:[EMAIL PROTECTED]]
Sent: 12 April 2001 15:00
To: [EMAIL PROTECTED]
Subject: JDBCRealms
Hello,
I have set up my database tables and the appropriate RequestInterceptor in
my server.xml file. Can someone show me an example of what
should be in the
web.xml file (including roles) to utilize the JDBCRealm? Thanks
in advance!
Leon Palermo