RE: JDBCRealms

Thu, 12 Apr 2001 07:02:50 -0700 

To secure you web application you need to add the following sequence to the
web.xml file for the web application you want to secure, amended for your
own needs:

        <security-constraint>

                <web-resource-collection>
                        <web-resource-name>Intranet</web-resource-name>
                        <url-pattern>/*</url-pattern>
                </web-resource-collection>

                <auth-constraint>
                        <role-name>IntranetUser</role-name>
                </auth-constraint>

        </security-constraint>

        <login-config>
                <auth-method>BASIC</auth-method>
                <realm-name>UBQT Media Intranet</realm-name>
        </login-config>

The <web-resource-collection> details the areas and access points of your
application you wish to secure. The <web-resource-name> *appears* to be just
an identifier for the particular web-resource, but with documentation for
this feature being very thin on the ground it's dificult to say for sure.
The <url-pattern> tag allows you to specify wildcard filters to determine
which files are to be secured. For example,
<url-pattern>/*.jsp</url-pattern> will only ask for authentication for your
JSP files. You may also add <http-method> tags to limit authentication to
specific HTTP methods, such as GET or POST. By default all HTTP methods will
be authenticated.

The <auth-constraint> specifies the authentication constraints on users. For
example, the <role-name> tags allows you to specify that only users that
members of certain roles have access.

Finally, the <login-config> group allows you specify the authentication
method (which must be either BASIC or FORM). The <realm-name> tag allows you
specify the domain/realm name that will appear in the password dialog for
the client.

Hope that was helpful, yours...

--
Ricardo Gladwell
UBQT Media PLC, Windsor
Mobile: (07779) 841 444

> -----Original Message-----
> From: Leon Palermo [mailto:[EMAIL PROTECTED]]
> Sent: 12 April 2001 15:00
> To: [EMAIL PROTECTED]
> Subject: JDBCRealms
>
>
> Hello,
>
> I have set up my database tables and the appropriate RequestInterceptor in
> my server.xml file.  Can someone show me an example of what
> should be in the
> web.xml file (including roles) to utilize the JDBCRealm?  Thanks
> in advance!
>
> Leon Palermo
>

Reply via email to