security-constraint for the Mine main page

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

security-constraint for the Mine main page

Pengcheng Yang
Dear InterMiners,

I don't know whether it is suitable to ask the question here. After
testing for a while with the guides from the web, I failed to implement
this feature.

I want to control some specific pages that still in developing stage
only acceptable to some specific users through tomcat
"security-constraint". I have performed the following test. However,
when I visit the link of "project/WEB-INF/test/index.html", the message
said "HTTP Status 403 – Forbidden", and the expected login window
doesn't appear.

Could anyone help me out?

Thank you and best,

Pengcheng Yang

=================== my implementation of the
security-constraint=============================

1. added the following content to the
apache-tomcat-8.5.30/webapps/project/WEB-INF/web.xml

   <security-constraint>
     <web-resource-collection>
       <display-name>Example Security Constraint</display-name>
       <web-resource-name>my example</web-resource-name>
<url-pattern>/WEB-INF/test/index.html</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>

     </web-resource-collection>
     <auth-constraint>
       <role-name>role1</role-name>
     </auth-constraint>
   </security-constraint>

   <login-config>
     <auth-method>FORM</auth-method>
     <realm-name>Example Form-Based Authentication Area</realm-name>
     <form-login-config>
<form-login-page>/WEB-INF/login3.html</form-login-page>
<form-error-page>/WEB-INF/loginerror.html</form-error-page>
     </form-login-config>
   </login-config>

   <security-role>
     <description>
     The role that is required to log into the sample application
     </description>
     <role-name>role1</role-name>
   </security-role>

2. the content of file /WEB-INF/login3.html

<html>
         <head>
                 <title>Login Page</title>
         </head>
         <h2>Hello, please log in:</h2>
         <br><br>
         <form action="j_security_check" method=post>
                 <p><strong>Please Enter Your User Name: </strong>
                 <input type="text" name="j_username" size="25">
                 <p><p><strong>Please Enter Your Password: </strong>
                 <input type="password" size="15" name="j_password">
                 <p><p>
                 <input type="submit" value="Submit">
                 <input type="reset" value="Reset">
         </form>
</html>

3. the content of file /WEB-INF/loginerror.html

<html>
         <head>
                 <title>Login Error</title>
         </head>
         <body>
         <c:url var="url" value="/WEB-INF/test/index.html "/>
         <h2>Invalid user name or password.</h2>
         <p>Please enter a user name or password that is authorized to
access this
         application. For this application, this means a user that has
been created in the
         <code>file</code> realm and has been assigned to the
<em>group</em> of
         <code>TutorialUser</code>.  Click here to <a href="${url}">Try
Again</a></p>
         </body>
</html>

_______________________________________________
dev mailing list
[hidden email]
https://lists.intermine.org/mailman/listinfo/dev