users@glassfish.java.net

Re: Securing web applications

From: <glassfish_at_javadesktop.org>
Date: Sun, 13 Dec 2009 23:06:15 PST

Hi Sudarsan...here it is:

sun-web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app error-url="">
  <context-root>/simplewebapp</context-root>
  <security-role-mapping>
    <role-name>admin</role-name>
    <group-name>appadmin</group-name>
  </security-role-mapping>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
</sun-web-app>

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <display-name>Admin Pages</display-name>
        <web-resource-collection>
            <web-resource-name>Administative Pages</web-resource-name>
            <description/>
            <url-pattern>/admin/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>HEAD</http-method>
            <http-method>PUT</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>file</realm-name>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/loginerror.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description>Administrators</description>
        <role-name>admin</role-name>
    </security-role>
</web-app>

I have also at
[Message sent by forum member 'javaislife' ]

http://forums.java.net/jive/thread.jspa?messageID=376331
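
Added example, not part of the original post and not GlassFish code: a Python check over a Servlet 2.5 web.xml that flags a security-constraint with no auth-constraint (the container then accepts requests to the matched URLs without authentication), an explicit http-method list (methods not listed fall outside the constraint), and auth-constraint roles that have no security-role declaration. The function name audit_web_xml and the embedded sample, which is modelled on the constraint shape in the post, are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"ee": "http://java.sun.com/xml/ns/javaee"}

# Constructed sample, modelled on the web.xml in the post above.
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <display-name>Admin Pages</display-name>
    <web-resource-collection>
      <web-resource-name>Admin Pages</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
  </security-constraint>
  <security-role>
    <role-name>admin</role-name>
  </security-role>
</web-app>
"""

def texts(node, path):
    """Stripped text of every element matching path under node."""
    return [(e.text or "").strip() for e in node.findall(path, NS)]

def audit_web_xml(xml_text):
    """Return (url_patterns, finding) tuples for each weak security-constraint."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    declared = set(texts(root, "ee:security-role/ee:role-name"))
    findings = []
    for sc in root.findall("ee:security-constraint", NS):
        urls = tuple(texts(sc, "ee:web-resource-collection/ee:url-pattern"))
        auth = sc.find("ee:auth-constraint", NS)
        if auth is None:
            # No auth-constraint: the URLs are matched but no role is required.
            findings.append((urls, "no-auth-constraint"))
        else:
            for role in texts(auth, "ee:role-name"):
                if role != "*" and role not in declared:
                    findings.append((urls, "undeclared-role:" + role))
        if texts(sc, "ee:web-resource-collection/ee:http-method"):
            # Only the listed methods are constrained; any other method is not.
            findings.append((urls, "http-method-list"))
    return findings

if __name__ == "__main__":
    for urls, finding in audit_web_xml(SAMPLE_WEB_XML):
        print(", ".join(urls), "->", finding)
```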