Web tier: servlets, JSP, Web frameworks: web.xml and security

  1. web.xml and security (1 messages)

    Below is the security declaration from my web.xml

    <security-constraint>
       <web-resource-collection>
          <web-resource-name>prefix-get-manager</web-resource-name>
          <url-pattern>/ManagerApplication/*</url-pattern>
          <http-method>GET</http-method>
       </web-resource-collection>
       <auth-constraint>
          <role-name>manager</role-name>
       </auth-constraint>
    </security-constraint>


    Now, as soon as the user logs in, I authenticate the user, and he is a valid user. Now I want the user to access "ManagerApplication", so how does the web application know that the user role is "manager"? Do I need to put that "role" into the session? If I should, then what should the session variable name be?

    Any help is appreciated, thanks
    Hari
  2. web.xml and security

    Access control is the responsibility of the web container; you just have to make sure that when a user logs in, he becomes a member of a Group named "manager". This might include changing some container-specific descriptors (like weblogic.xml in WebLogic), adding something to your database or security-related classes.

    Users without this authorization will be thrown to a login page whenever they try to access a forbidden URL.
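
Added example, not part of the original thread: a web.xml fragment with the declarative pieces that let the container, rather than a session attribute, decide whether the caller holds the "manager" role. The resource name and the page paths /login.jsp and /loginError.jsp are assumptions, and this variant omits <http-method> for the reason given in its first comment.

```xml
<!-- Fragment of WEB-INF/web.xml. These elements sit inside <web-app>, in this order. -->

<!-- 1. What is protected and which role may reach it.
     No <http-method> is listed, so the constraint covers every HTTP method.
     A constraint that names only GET applies to GET alone; POST, PUT, DELETE
     and other methods on the same URL pattern are not covered by it. -->
<security-constraint>
   <web-resource-collection>
      <web-resource-name>manager-area</web-resource-name> <!-- assumed name -->
      <url-pattern>/ManagerApplication/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
      <role-name>manager</role-name>
   </auth-constraint>
</security-constraint>

<!-- 2. How the container authenticates the caller.
     With FORM login the login page posts j_username and j_password to
     j_security_check, and the container (not application code) validates them
     against its configured realm. A login performed only by custom code leaves
     the container with no authenticated principal, so the constraint above
     would never be satisfied. -->
<login-config>
   <auth-method>FORM</auth-method>
   <form-login-config>
      <form-login-page>/login.jsp</form-login-page>      <!-- assumed path -->
      <form-error-page>/loginError.jsp</form-error-page> <!-- assumed path -->
   </form-login-config>
</login-config>

<!-- 3. Declares the role name used above. Which users or groups hold this role
     is configured in the container's realm or its own descriptor, not here.
     Nothing is stored in the HttpSession by the application: code that needs
     the answer asks the container with request.isUserInRole("manager") or
     request.getUserPrincipal(). An unauthenticated request to the protected
     URL is sent to the login page; an authenticated caller who lacks the role
     receives 403 Forbidden. -->
<security-role>
   <role-name>manager</role-name>
</security-role>
```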