Tomcat Example Form based Security Web Application Web Technology Example

\| Interview Questions on Java \|	\| Coding Tips on Java \|	\| Your Questions on Java \|	\| EJB \|	\| Servlet and JSP \|	\| Hibernate Tutorial \|	\| Spring Tutorials \|	\| Java Design Patterns \|	\| J2EE Design Patterns \|	\| Apache ANT \|
\| Apache DBCP \|	\| Struts Struts 2 Example Tutorial \|	\| Apache Beehive JdbcControl \|	\| Apache Log4j \|	\| Apache Axis \|	\| Open Source Project Ideas \|	\| Web Technology \|	\| J2EE Technology \|	\| Java News \|	\| Spring Hibernate Example \|
\| JavaScript Tips \|

Struts Tutorials: Struts2 Tag CheckBoxList
, Checkbox, Iterator, IF Struts2 Tag Library Example Struts2 Tiles Example Struts2 Tiles I18N Example Struts2 Questions Struts Tiles I18N Example Struts Eclipse MVC Struts2 Tags Struts2 Example and Tutorial Struts MVC Struts2 Validation
Hibernate Tutorials: Hibernate Case Study Class Hierarchy Persist Example Using Hibernate Interceptor Hibernate Questions with Answer Hibernate Many-to-Many Mapping Example Hibernate one-to-many Mapping Example Hibernate and ORM tools Spring Hibernate Example Hibernate SessionFactory Example Hibernate Mapping Class Hierarchy Hibernate Questions Hibernate SessionFactory Questions Spring Hibernate Example: Spring Hibernate Case Study


Please be informed that NONE of the design/code from this
page is claiming to be some sort of best practices and we DO NOT expect
any of our visitor/reader of this page to assume this as some sort of
best practice for any context and should not be using this 
as it is without appropriate evaluation to their, so to say, 
specific programming context.

This page intends only to provide bit and piece of known ways  for
doing some sort of example and may not be fit for any other purpose.

Explaining declarative security configuration in a web application based on roles and form-based authentication with an example case study. I have used Jakarta Tomcat 5.5.X web application server for Rapid deployment and easy to follow steps and my comfort level with Tomcat web server. But I think, these concepts may be applicable to any Java-based web server in general. These steps includes: 1. Defining Realm : I have used Tomcat web server's internal implementation of user database, that refers to the tomcat-users.xml file under server_root/conf folder. I have added an entry such as <user username="test" password="test" roles="manager"/> There are many other ways of defining realms, such as JDBC realm file realm, memory realms etc. 2. Making sure that memory realm is enabled for this Tomcat web server. By looking for an entry for "org.apache.catalina.users.MemoryUserDatabaseFactory" in server.xml file under server_root/conf folder, that this is un-commented. 3. Using web application configuration, such as defining resources and security constraints in web.xml file, as follows: <security-constraint> <web-resource-collection> <web-resource-name>sample security case study</web-resource-name> <description>Sample security case study</description> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>manager</role-name> </auth-constraint> </security-constraint> 4. defining login page and error page and Authentication method in web.xml file , as follows: <login-config> <auth-method>FORM</auth-method> <realm-name>sample security case study</realm-name> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config> 5. Defining login and error pages. For form based authentication method, login page should have form tag with action as "j_security_check" and username textbox with a name as "j_username" and password textbox with name as "j_password". And of course a submit button, as follows: Login page<br> <form method="post" action="j_security_check"> <br>Name: <input type="text" name="j_username"> <br>Password: <input type="password" name="j_password"> <br><input type="submit"> Please provide your suggestions, after log in. Thanks.

Author of this article/writeup has expressed his/her willingness

to help or guide users with any technical difficulties he/she faces while working with the example code environment setting up, running and resolving any such exception raised during compile or at runtime. You may ask for any technical doubt or seek technical help related to this article by using following form to reach for technical help from the Author for FREE. This article's Author shall be reading your request and responding within reasonable time (no resolution timeframe defined as such).

Hi Sir, I need a simple authentication form using Spring security and weblogic server. We need to add roles to 3 different users like administrator,normal user and priveleage user. Let me know how to create this application I am newer to J2EE application Plz help me Thanks, P.Ravishankar

Hi, I have already mentioned the tomcat-users.xml file as above please search for the word roles="manager". Please let me know if you have any more issues with this example or it works as it worked for me. -Amit.

Terms of Use and Disclaimer : This web site provides some of the information about various technologies, example code, tips, tutorials etc. Like any printed materials, content of these pages may become out of date over a period of time. Therefore all visitor/users of this web site are requested/advised to refer to the originating parties/sources for the latest changes and happenings for detailed information. This information is not intended to be a substitute for the original reference provided by the originating parties/sources. By accessing and using this website in any ways, including, without limitation, browsing the website pages, using any information, using any content and/or downloading any materials, you agree to and are bound by the terms of use described in this page and Usage Terms and Conditions. If you do not agree to all of the terms and conditions contained in the terms of use described in this page and Usage Terms and Conditions, do not use this website in any manner. If you are using the website on behalf of your employer, you represent that you are authorized to accept these Terms of Use on your employer's behalf. All Trademarks are property of their respective owner. Appropriate measure is being taken for providing accurate and up-to-date information but like any printed materials, these blog(s)/contents may eventually be outdated one day, so if you are using any of these information, please refer original content/documentation from respective sources. And under no circumstances shall the Author of these contents and/or this web site be liable for any loss, damage, expense incurred or suffered which is claimed to have occurred because of usage of the contents of this web site. If you have any questions/queries/feedback/suggestions then please write to this web site owner at contact.