"J2EE Application Security"
Vol. 7, Issue 1, p. 30
Listing 1
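<web-app>
  <login-config>
    <!-- auth-method takes a single value: BASIC or DIGEST.
         BASIC sends the password base64-encoded, so pair it with TLS. -->
    <auth-method>BASIC</auth-method>
    <realm-name>test</realm-name>
  </login-config>
</web-app>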
Listing 2
<web-app>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <!-- Both paths must begin with "/" and are resolved
           relative to the root of the WAR. -->
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>
Listing 3
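<web-app>
  <!-- .. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>
        Secure Content
      </web-resource-name>
      <!-- Every URL under /restricted/ is covered by this constraint. -->
      <url-pattern>/restricted/*</url-pattern>
    </web-resource-collection>
    <!-- Only callers in the AuthorizedUser role are allowed through. -->
    <auth-constraint>
      <role-name>AuthorizedUser</role-name>
    </auth-constraint>
  </security-constraint>
  <!-- .. -->
  <!-- Declares the role referenced by the auth-constraint above. -->
  <security-role>
    <description>
      The role required to access restricted content
    </description>
    <role-name>AuthorizedUser</role-name>
  </security-role>
</web-app>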
Listing 4
<!-- admin may call every method of the UserInformation bean -->
<method-permission>
  <role-name>admin</role-name>
  <method>
    <ejb-name>UserInformation</ejb-name>
    <method-name>*</method-name>
  </method>
</method-permission>
<!-- customer may call only getDetails -->
<method-permission>
  <role-name>customer</role-name>
  <method>
    <ejb-name>UserInformation</ejb-name>
    <method-name>getDetails</method-name>
  </method>
</method-permission>
All Rights Reserved
Copyright © 2004 SYS-CON Media, Inc.