0 Replies Latest reply on Oct 1, 2002 3:11 AM by Sanjay

    Security configuration for JSP/Servlet based application

    Sanjay Newbie

      Hello,
      I have a servlet and I want that no one should access the same. How to provide the declarative security for the same. I mean it should promp for login and password while accessing the same servlet/jsp. Do I need to code something in my servlet/jsp file for validation or declaring the security constraint in web.xml file is enough. Moreover tell me where to keep this web.xml file.
      My directory structure is as follows:

      JBOSS_HOME\server\default\deploy\client.war
      client.war contains
      |-- jsp (this directory has all the jsp)
      |--WEB-INF(contains web.xml file and Classes directory )
      |-- classes(contains servlets directory)
      |-- servlets(all the servlet classes here)

      More over do we need user.properties and role.properties file. If so where should I keep those.

      At present my web.xml file is as follows:

      <?xml version="1.0" encoding="ISO-8859-1"?>

      <!DOCTYPE web-app
      PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
      "http://java.sun.com/dtd/web-app_2_3.dtd">
      <web-app>

      <servlet-name>MyServlet</servlet-name>
      <servlet-class>servlets.MyServlet</servlet-class>

      </web-app>

      Can any one give me the complete xml file considering I have one servlet above.
      Context root starts from /client directory.

      Hope you got my problem.

      Thanks & Regards
      Sanjay