Welcome to the Java Programming Forums


The professional, friendly Java community. 21,500 members and growing!


The Java Programming Forums are a community of Java programmers from all around the World. Our members have a wide range of skills and they all have one thing in common: A passion to learn and code Java. We invite beginner Java programmers right through to Java professionals to post here and share your knowledge. Become a part of the community, help others, expand your knowledge of Java and enjoy talking with like minded people. Registration is quick and best of all free. We look forward to meeting you.


>> REGISTER NOW TO START POSTING


Members have full access to the forums. Advertisements are removed for registered users.

Results 1 to 7 of 7

Thread: Security in Server

  1. #1
    Junior Member
    Join Date
    Feb 2010
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Security in Server

    Hi ,
    I am trying to apply security to a resource. I am defining roles and users for that specific roles.
    when i try to access the resource(XML file) through internet explorer, it is not asking me any username or password.
    It is showing error like

    message: Configuration error: Cannot perform access control without an authenticated principal

    description: Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.

    Any ideas?


  2. #2
    Super Moderator Json's Avatar
    Join Date
    Jul 2009
    Location
    Warrington, United Kingdom
    Posts
    1,274
    My Mood
    Happy
    Thanks
    70
    Thanked 156 Times in 152 Posts

    Default Re: Security in Server

    Hello, I take it this is something you are trying to do in your web.xml file?

    Here is an example for you:

    You can see here that we define a constraint for the path /path/to/secure/pages/* which means that any files on that path will be affected by this constraint. We also tell the web container that the role admin is needed to access these pages.

    <security-constraint>
    	<web-resource-collection>
    		<web-resource-name>My secure pages</web-resource-name>
    		<url-pattern>/path/to/secure/pages/*</url-pattern>
    	</web-resource-collection>
    	<auth-constraint>
    		<role-name>admin</role-name>
    	</auth-constraint>
    </security-constraint>

    Now we need to define the admin role.

    <security-role>
    	<role-name>admin</role-name>
    </security-role>


    And finally we shall make sure we have the authentication method set up. This will tell the server that we want the login type to be BASIC and that the name of the realm should be My secure pages.

    <login-config>
    	<auth-method>BASIC</auth-method>
    	<realm-name>My secure pages</realm-name>
    </login-config>

    Here is the full thing.

    <security-constraint>
    	<web-resource-collection>
    		<web-resource-name>My secure pages</web-resource-name>
    		<url-pattern>/path/to/secure/pages/*</url-pattern>
    	</web-resource-collection>
    	<auth-constraint>
    		<role-name>admin</role-name>
    	</auth-constraint>
    </security-constraint>
     
    <login-config>
    	<auth-method>BASIC</auth-method>
    	<realm-name>My secure pages</realm-name>
    </login-config>
     
    <security-role>
    	<role-name>admin</role-name>
    </security-role>

    See also: Metawerx Wiki: Web.xml

    // Json

  3. #3
    Junior Member
    Join Date
    Feb 2010
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Re: Security in Server

    I am also defining in the same way.Except that i have not defined realm name.

    Still when i try to open the resource using Internet explorer it is not prompting for credentials

  4. #4
    Junior Member
    Join Date
    Feb 2010
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Re: Security in Server

    Hi
    Thanks for your help
    I have restarted the server and got it working
    Thanks.
    Is it possible to know who has just signed in to the resource.
    My resource is a XML file

  5. #5
    Super Moderator Json's Avatar
    Join Date
    Jul 2009
    Location
    Warrington, United Kingdom
    Posts
    1,274
    My Mood
    Happy
    Thanks
    70
    Thanked 156 Times in 152 Posts

    Default Re: Security in Server

    If you have access to the HttpServletRequest object which I assume you will, try this.

    request.getUserPrincipal().getName()

    // Json

  6. #6
    Junior Member
    Join Date
    Feb 2010
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Re: Security in Server

    HI ,
    My resource is not JAVA file or JSP file. It is XML file. is there any way to achieve this ?

  7. #7
    Super Moderator Json's Avatar
    Join Date
    Jul 2009
    Location
    Warrington, United Kingdom
    Posts
    1,274
    My Mood
    Happy
    Thanks
    70
    Thanked 156 Times in 152 Posts

    Default Re: Security in Server

    Yeah by adding a servlet in front of the XML file, there is no way of knowing what user logged in by XML.

    // Json

Similar Threads

  1. UDP Server Client program to send and receive messages
    By Koren3 in forum Java Networking
    Replies: 1
    Last Post: September 5th, 2011, 10:16 AM
  2. Jar File Security
    By Symbols in forum Java Theory & Questions
    Replies: 1
    Last Post: February 28th, 2010, 09:48 PM
  3. Reading from RSS server
    By Tisofa in forum File I/O & Other I/O Streams
    Replies: 2
    Last Post: August 18th, 2009, 04:04 AM
  4. [SOLVED] Problem in UDS client,server program
    By Koren3 in forum Java Networking
    Replies: 8
    Last Post: March 28th, 2009, 03:05 PM
  5. Replies: 1
    Last Post: March 3rd, 2009, 07:04 AM