
Specifying an Authentication Mechanism in the Deployment Descriptor

In this section, you will learn how to specify an authentication mechanism in the deployment descriptor.


Types of Security in Java EE

In a multitier enterprise application, several containers are needed to deploy the components of the different enterprise tiers. These containers also provide security for those components. The container provides two types of security:

  • Declarative security
    It uses the deployment descriptor (web.xml) or annotations to define the security requirements of the application's components.

  • Programmatic security
    When declarative security alone is not enough to express the application's security model, programmatic security is employed.

Authentication Mechanism in the Deployment Descriptor

In declarative security, the security requirements of the application's components are defined in the deployment descriptor (web.xml).

The <login-config> element defines the authentication mechanism. Its sub-elements are given below:

  • The <auth-method> sub-element sets up the authentication mechanism for the web application. It can have the following values: NONE, BASIC, DIGEST, FORM, or CLIENT-CERT.
  • The <realm-name> sub-element defines the realm name that is used when the basic authentication scheme is selected for the web application.
  • The <form-login-config> sub-element defines the login and error pages that are used when form-based login is employed.

Security Roles

You can declare all the roles used in the application with the <security-role> element of the deployment descriptor, whereas the <auth-constraint> element specifies which of these roles are authorized to access the protected resources.

EXAMPLE

You can declare form-based authentication and security roles in your deployment descriptor as follows:

web.xml

<web-app>
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>User Auth</web-resource-name>
			<url-pattern>/auth/*</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>admin</role-name>
			<role-name>manager</role-name>
		</auth-constraint>
	</security-constraint>
	
	<login-config>
		<auth-method>FORM</auth-method>
		<realm-name>User Auth</realm-name>
		<form-login-config>
			<!-- Both paths must begin with "/" and are resolved relative to the web application root -->
			<form-login-page>/login.jsp</form-login-page>
			<form-error-page>/error.jsp</form-error-page>
		</form-login-config>
	</login-config> 
	
	<security-role>
		<role-name>admin</role-name>
	</security-role>
	<security-role>
		<role-name>manager</role-name>
	</security-role>
</web-app>

 


Posted on: July 3, 2012
