I have a very simple web app (just a single JSP) and I seem to be
unable to restrict access to it. I am fairly new to J2EE so it is
entirely possible (and likely) that I'm doing something wrong.
Here's the content of my web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected</web-resource-name>
<url-pattern>/SimpleSecureWebApp/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Ch14Realm</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
and here's my geronimo-web.xml:
<context-root>SimpleSecureWebApp</context-root>
<security-realm-name>Ch14Realm</security-realm-name>
<security>
<default-principal>
<principal name="normal_users"
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
</default-principal>
<role-mappings>
<role role-name="admin">
<principal name="admin_users" designated-run-as="true"
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
</role>
</role-mappings>
</security>
I had previously deployed an SQL realm named Ch14Realm and had tested the logins successfully.
When I go to <geronimo>/SimpleSecureWebApp/index.jsp, I am
expecting to be prompted for a username and password. Instead, I
am just brought directly to my index.jsp page.
Any help would be greatly appreciated!
Thanks,
Nathan Mittler
- securing a JSP Nathan Mittler
- Re: securing a JSP Nathan Mittler
