1 Reply Latest reply on Nov 20, 2002 11:23 AM by Martijn Lindhout

    Simple Secured Web Page

    Bruce Ferguson Newbie

      I have been trying to pull together just a simple example of how to secure a web page. I have a web page called: Secured.html in the directory com/pav/web.

      When I attempt to access the Secured.html page, it pops up the Basic Auth dialog. Then, no matter what I type in for username and password, it takes me to the Secured.html screen.

      I'm sure that I am missing something really basic, but I am very new to J2EE..

      Most of the stuff in the files below are pulled together as best I can figure out from the JBOSS documentation.

      Thanks in advance,
      --Bruce

      ------- web.xml --------
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>The Login Stuff</web-resource-name>
      <url-pattern>/com/pav/web/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>AuthorizedUser</role-name>
      </auth-constraint>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>The Restricted Zone</realm-name>
      </login-config>

      <security-role>
      The role required to access
      <role-name>AuthorizedUser</role-name>
      </security-role>

      --------- jboss-web.xml ----------

      <security-domain>java:/jaas/other</security-domain>


      ---------- the war file ----------
      META-INF/
      META-INF/MANIFEST.MF
      com/
      com/pav/
      com/pav/web/
      com/pav/web/Secured.html
      users.properties
      roles.properties
      WEB-INF/
      WEB-INF/web.xml
      WEB-INF/jboss-web.xml