
Security is defined as the condition of being protected against danger or loss. Security is very important in any web application, because web applications are mostly exposed to everyone in the world. The levels of security can be:



  • Transport Level security using HTTPS.

  • Authentication and Authorization

  • Role Based Access Control

  • Container-managed Security

  • Application-managed Security.


The web application can be configured to use any level of security as per the requirement and criticality of the site.


Application Managed Vs Container Managed Security









Implementation for Container Managed

  • Authentication and authorization are specified in web.xml.

  • It uses multiple authentication schemes, such as password authentication, form-based authentication, client-side digital certificates, etc.

  • Redirects are handled automatically.

  • User data can be provided by a variety of stores, such as an XML file or flat files. In Tomcat, the data is provided in TOMCAT_HOME/conf/tomcat-users.xml.

Implementation for Application Managed

  • Using username and password forms.

  • Cookies

  • Using Servlet Filters.

  • Using SSLEXT with Struts to enable HTTPS.



The following example implements container-managed security in Tomcat.


(1) tomcat-users.xml file


<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
     <!-- Roles known to the realm -->
     <role rolename="tomcat"/>
     <role rolename="role1"/>
     <role rolename="admin"/>
     <!-- Users and the roles they hold; "visualbuilder" holds the admin role required by web.xml -->
     <user username="tomcat" password="tomcat" roles="tomcat"/>
     <user username="both" password="tomcat" roles="tomcat,role1"/>
     <user username="role1" password="tomcat" roles="role1"/>
     <user username="visualbuilder" password="test" roles="admin"/>
</tomcat-users>


(2) web.xml file


<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<!-- Only users in the admin role may request /security.jsp -->
<security-constraint>
     <web-resource-collection>
         <web-resource-name>application</web-resource-name>
         <url-pattern>/security.jsp</url-pattern>
     </web-resource-collection>
     <auth-constraint>
         <role-name>admin</role-name>
     </auth-constraint>
</security-constraint>
<!-- HTTP BASIC authentication; the container issues the login prompt -->
<login-config>
     <auth-method>BASIC</auth-method>
     <realm-name>securityapp</realm-name>
</login-config>
<!-- Roles referenced by this application -->
<security-role>
     <description>Testing the Application Security</description>
     <role-name>admin</role-name>
</security-role>
</web-app>


Output:


A login prompt appears when you try to run the application. It asks for a username and password, and the pages of the application are displayed only after you enter "visualbuilder" as the username and "test" as the password.
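The web.xml above selects BASIC authentication without the transport-level security (HTTPS) listed at the top of the page, so the password reaches the container only base64-encoded. The following check is an added example, not part of the original tutorial: it parses a Servlet 2.4 descriptor and reports protected URL patterns whose login is not forced onto HTTPS. The function name and the hardened descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Servlet 2.4 namespace, as declared in the page's web.xml
NS = {"j": "http://java.sun.com/xml/ns/j2ee"}

# The page's descriptor, reduced to the elements the check reads.
PAGE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>application</web-resource-name>
      <url-pattern>/security.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

# Constructed variant: same constraint plus a CONFIDENTIAL transport guarantee,
# which makes the container redirect the request to HTTPS before the login.
HARDENED_WEB_XML = PAGE_WEB_XML.replace(
    "</auth-constraint>",
    "</auth-constraint><user-data-constraint><transport-guarantee>"
    "CONFIDENTIAL</transport-guarantee></user-data-constraint>")


def cleartext_login_findings(web_xml):
    """Return protected URL patterns whose BASIC/FORM login may travel over HTTP."""
    root = ET.fromstring(web_xml.encode("utf-8"))
    method = root.findtext("j:login-config/j:auth-method", "", NS).strip().upper()
    if method not in ("BASIC", "FORM"):
        return []  # DIGEST and CLIENT-CERT do not transmit the password itself
    findings = []
    for sc in root.findall("j:security-constraint", NS):
        if sc.find("j:auth-constraint", NS) is None:
            continue  # this collection does not require a login
        guarantee = sc.findtext(
            "j:user-data-constraint/j:transport-guarantee", "", NS).strip().upper()
        if guarantee != "CONFIDENTIAL":
            for pattern in sc.findall("j:web-resource-collection/j:url-pattern", NS):
                findings.append((pattern.text or "").strip())
    return findings


if __name__ == "__main__":
    print("page web.xml:    ", cleartext_login_findings(PAGE_WEB_XML))
    print("hardened web.xml:", cleartext_login_findings(HARDENED_WEB_XML))
```

The CONFIDENTIAL guarantee only takes effect when the container has an HTTPS connector configured.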


 


                    

Copyright © 2010 VisualBuilder. All rights reserved