
Hi,
I have been working over the summer to create a very simple login page that just has the userName and the Password, and all I did is have this page print the information entered in a new page. I have successfully done this part. My second project is to do users' roles, like to eliminate what guests can see and change vs the manager who can do anything and make any changes. This is not a HW so I am not worried about posting my code as there is no cheating going on here. Here is what I have in my web.xml:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>
            SecuredBookSite
        </web-resource-name>
        <url-pattern>/secured/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description>
            Let only managers use this app
        </description>
        <role-name>manager</role-name>
    </auth-constraint>
</security-constraint>
<security-role>
    <role-name>manager</role-name>
</security-role>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>

And here is the change I made to my tomcat-users file:

<tomcat-users>

<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="admin" password="secret" roles="admin,manager"/>

</tomcat-users>

I would be so thankful for any advice as my summer is ending and I want to make sure I get to learn something out of it. Thanks
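
An added example, not the poster's code: a web.xml variant for the container-managed approach used in the question, giving read-only access to a guest role while managers keep full access. The role name `guest` and the resource name `SecuredBookSiteReadOnly` are assumptions; the `guest` role would also have to exist in the realm (for example in tomcat-users).

```xml
<!-- Added example. "guest" and "SecuredBookSiteReadOnly" are assumed names. -->

<!-- Constraint 1: no http-method element, so it covers every HTTP method on
     /secured/*. A constraint that lists only GET and POST leaves requests
     using any other method outside that constraint. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>SecuredBookSite</web-resource-name>
        <url-pattern>/secured/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>manager</role-name>
    </auth-constraint>
    <!-- BASIC sends the password base64-encoded, not encrypted: require TLS. -->
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<!-- Constraint 2: same URL pattern, GET only. For GET both constraints apply
     and the container takes the union of their roles (guest and manager).
     For every other method only constraint 1 applies (manager only). -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>SecuredBookSiteReadOnly</web-resource-name>
        <url-pattern>/secured/*</url-pattern>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>guest</role-name>
        <role-name>manager</role-name>
    </auth-constraint>
    <!-- Repeated here: a constraint without it would allow plain HTTP for GET. -->
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<security-role>
    <role-name>manager</role-name>
</security-role>
<security-role>
    <role-name>guest</role-name>
</security-role>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>
```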


ehm .... if it is to have roles in your personal application, it has nothing to do with tomcat-users or the tomcat config.

you have to define roles in your db and application, not in your server.


This page describes the term JSP and lists other pages on the Web where you can find additional information. The post is very informative. It is a pleasure reading it. I have also bookmarked you for checking out new posts.

Edited by pritaeas: Removed fake signature.
