To secure you web application you need to add the following sequence to the
web.xml file for the web application you want to secure, amended for your
own needs:
<security-constraint>
<web-resource-collection>
<web-resource-name>Intranet</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>IntranetUser</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>UBQT Media Intranet</realm-name>
</login-config>
The <web-resource-collection> details the areas and access points of your
application you wish to secure. The <web-resource-name> *appears* to be just
an identifier for the particular web-resource, but with documentation for
this feature being very thin on the ground it's dificult to say for sure.
The <url-pattern> tag allows you to specify wildcard filters to determine
which files are to be secured. For example,
<url-pattern>/*.jsp</url-pattern> will only ask for authentication for your
JSP files. You may also add <http-method> tags to limit authentication to
specific HTTP methods, such as GET or POST. By default all HTTP methods will
be authenticated.
The <auth-constraint> specifies the authentication constraints on users. For
example, the <role-name> tags allows you to specify that only users that
members of certain roles have access.
Finally, the <login-config> group allows you specify the authentication
method (which must be either BASIC or FORM). The <realm-name> tag allows you
specify the domain/realm name that will appear in the password dialog for
the client.
Hope that was helpful, yours...
--
Ricardo Gladwell
UBQT Media PLC, Windsor
Mobile: (07779) 841 444
> -----Original Message-----
> From: Leon Palermo [mailto:[EMAIL PROTECTED]]
> Sent: 12 April 2001 15:00
> To: [EMAIL PROTECTED]
> Subject: JDBCRealms
>
>
> Hello,
>
> I have set up my database tables and the appropriate RequestInterceptor in
> my server.xml file. Can someone show me an example of what
> should be in the
> web.xml file (including roles) to utilize the JDBCRealm? Thanks
> in advance!
>
> Leon Palermo
>