VisualBuilder
  Home > Jsp > Tutorials > Security in JSP -1 - JSP Tutorial
Tell a friend
Link to us
Total Members
      Members: 84661
     
Sitemap Forum Chat
Home
JSP Tutorial Home
1 . Introduction to JSP
2 . Why use JSP?
3 . JSP compared to ASP,ASP.NET and Servlets
4 . JSP architecture
5 . Setting up the JSP environment
6 . Creating your first JSP page
7 . Using JSP tags
8 . Declaration tag
9 . Expression tag
10 . Directive tag
11 . Scriptlet tag
12 . Action tag
13 . Creating your second JSP page
14 . Implicit Objects
15 . Creating a Form
16 . Processing a Form
17 . Creating a Form (more elements)
18 . Processing a Form (more elements)
19 . Processing a Form (more elements)
20 . Getting Client Info
21 . Review and next steps
22 . Beans scopes in JSP
23 . JSP Bean scope examples
24 . Uploading Application in JSP.
25 . Modularization in JSP
26 . Exception Handling in JSP-1
27 . Exception Handling in JSP-2
28 . Session Tracking in JSP
29 . Security in JSP -2
30 . Security in JSP -1
31 . Internationalization in JSP application
32 . Introduction To Expression Language.
33 . Introduction to Tag libraries
34 . Introduction To Core Taglib -1
35 . Introduction To Core Taglib -2
36 . Function Taglib
37 . Database Handling in JSP.
38 . Creating User Defined Custom Tag -1
39 . Creating User Defined Custom Tag -2
40 . Best Practices in JSP
 
 
JSP Home
JSP Members (18705)
JSP Member Articles ( 11 )
JSP Discussion (71)
JSP Q & A ( 81 )
- JSP Ask Question
- JSP Questions
- JSP Unanswered Questions
JSP Resources
JSP Source Code (172)
JSP Articles (34)
JSP Blogs (330)
JSP Jobs (0)
JSP Components (10)
JSP Books (372)
JSP Websites (13)
JSP News (12)
 
GROUPS
.NET
ASP.NET
.NET
C#
ASP
Visual Basic
Java
Java
JSP
EJB
Other
Delphi
C++
Ajax
UML
JavaScript
PHP
Web Design
Web Hosting
SQL Server
Oracle
Project Management
More Groups

 
LEARNING CENTER
TUTORIALS
.NET
.NET Tutorial
ASP Tutorial
ASP.NET Database Tutorial
ASP.Net Security,Internationalisation And Deployment
ASP.NET Tutorial
C# Tutorial
Web Development
Flex Tutorial
HTML Tutorial
Learn AJAX Tutorial
PHP Tutorial
Software Development
Database Tutorial
SQL Tutorial
UML Tutorial
Java
Ant Tutorial
EJB 3 Tutorial
Hibernate Tutorial
Java Tutorial
Java Web Component Tutorial
Java XML Tutorial
JDBC Tutorial
JDK1.5 Tutorial
JSF Tutorial
JSP And J2EE Design Tutorial
JSP Tutorial
Spring Tutorial
Struts Tutorial

RESOURCES
Q & A (451 )
Source Code (3275 )
Articles (359 )
Books (372 )
Components (1596 )
News (892 )
Websites (1207 )

SUBMISSIONS
Submit Article
Submit Website
Submit News
Submit Source Code
Submit Component

COMMUNITY
Members Directory
Discussion Forum
Chat

SITE
About Us
Sitemap
Search
Contact Us
Link To Us
Feedback
Tell a Friend
Partners
Advertise

Jsp Tutorial
 Security in JSP -1
  << Prev: Security in JSP -2 Next: Internationalization in JSP application >>

Security is defined as the condition of being protected against danger or loss. The security is very important in any web application as the web applications are mostly exposed to all the people in the world. The levels of security can be



  • Transport Level security using HTTPS.

  • Authentication and Authorization

  • Role Based Access Control

  • Container-managed Security

  • Application-managed Security.


The web application can be configured to use any level of security as per the requirement and criticality of the site.


Application Managed Vs Container Managed Security









Implementation For Container Managed Implementation For Application Managed











Container Managed


Application Managed



  • Authentication and Authorization are specified in web.xml.

  • It uses multiple authentication schemes, such as Password Authentication Form-based Authentication Client side Digital Certificates etc..

  • Redirects are handled automatically.

  • User data can be provided by a variety of stores xml file or flat files. In tomcat the Data is provided in TOMCAT_HOME/conf/tomcat-users.xml




  • Using the Username and Password forms..

  • Cookies

  • Using Servlet Filters.

  • Using SSLEXT with Struts to enable HTTPS.



The following is the Example to implement the Container Specific Security in Tomcat.


(1) tomcat-user.xml File


<?xml version =' 1.0 ' encoding =' utf-8 '?>
<tomcat-users>
     <role rolename =" tomcat "/>
     <role rolename =" role1 "/>
     <role rolename =" admin "/>
     <user username =" tomcat " password =" tomcat" roles =" tomcat "/>
     <user username =" both " password =" tomcat" roles =" tomcat,role1 "/>
     <user username =" role1 " password =" tomcat" roles =" role1 "/>
     <user username =" visualbuilder " password =" test " roles =" admin "/>
</tomcat-users>


(2) Web.xml file


<?xml version =" 1.0 " encoding =" UTF-8 "?>
<web-app version =" 2.4 " xmlns =" http://java.sun.com/xml/ns/j2ee " xmlns:xsi =" http://www.w3.org/2001/XMLSchema-instance " xsi:schemaLocation =" http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd ">
<security-constraint>
     <web-resource-collection>
         <web-resource-name> application </web-resource-name>
         <url-pattern> /security.jsp</url-pattern>
     </web-resource-collection>
     <auth-constraint>
         <role-name> admin </role-name>
     </auth-constraint>
</security-constraint>
<login-config>
     <auth-method> BASIC </auth-method>
     <realm-name> securityapp </realm-name>
</login-config>
<security-role>
     <description> Testing the Application Security </description>
     <role-name> admin </role-name>
</security-role>
</web-app>


Output:-


The following screen appears when you try to run the application. It will ask for username and password and once you enter "visualbuilder" as username and "test" as password then only it will display the pages of the application.


 
  << Prev: Security in JSP -2 Next: Internationalization in JSP application >>
Jsp Tutorial Home
Give feedback and win a prize.

 
   Printer Friendly
   Email to a friend
   Add to my Favourites    
  Download PDF version
   Report Bad Submissions
   Submit Feedback
 
  Delicious   Digg   Technorati   Blink   Furl   Reddit   Newsvine   Google Click each image to add
this page to each site.
 
 
Welcome Guest Signup
MEMBER'S PANEL
EMAIL
PASSWORD
Forgot your password?
New User? Click Here!
 
Resend Activation Email!
 
SEARCH
 
 
 
ADVERTISEMENT
Partner List
Code Project
ASP Alliance
More
 
 
 
 

Home | Login | About Us | Contact Us | Privacy Policy | Advertising

© copyright 1999-2008 VisualBuilder.com