Skip to main content

login page secure

6 replies [Last post]
Anonymous

hi

I am trying to implement form based login in ee5 + glassfish. I need the
login page alone to run in https and then later switch back to http.but
when i specify

< user- data- constraint>
CONFIDENTIAL

in web.xml for only the login page , it doesn't work . It still applies
it for the whole application.
Thanks in advance.

Thanks,
Rohiini N
Tata Consultancy Services
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you

[att1.html]

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
V B Kumar Jayanti

Rohiini N wrote:

>
>
> hi
>
> I am trying to implement form based login in ee5 + glassfish. I need
> the login page alone to run in https and then later switch back to
> http.but when i specify
>
> < user- data- constraint>
>
CONFIDENTIAL >
>
> in web.xml for only the login page , it doesn't work . It still
> applies it for the whole application.
> Thanks in advance.

you may want to look at :
http://forums.java.net/jive/thread.jspa?messageID=248472&#248472

Thanks.
[att1.html]

V B Kumar Jayanti

V B Kumar Jayanti wrote:

> Rohiini N wrote:
>
>>
>>
>> hi
>>
>> I am trying to implement form based login in ee5 + glassfish. I need
>> the login page alone to run in https and then later switch back to
>> http.but when i specify
>>
>> < user- data- constraint>
>>
CONFIDENTIAL >>
>>
>> in web.xml for only the login page , it doesn't work . It still
>> applies it for the whole application.
>> Thanks in advance.
>
>
> you may want to look at :
> http://forums.java.net/jive/thread.jspa?messageID=248472&#248472

sorry i posted the wrong one, here is the right one :
http://forums.java.net/jive/thread.jspa?messageID=241569

Thanks.

>
> Thanks.

[att1.html]

anjana83
Offline
Joined: 2008-02-21
Points: 0

If I specify user data constraint as CONFIDENTIAL to any page, it renders that page as https. It is able to change http to https when CONFIDENTIAL is specified for any page. but after that, it does not go back to http even when user data constraint for those pages is specified as NONE. Why does this happen?
I have attached my web.xml with this.

Thanks.

Rohiini N

Hi Sahoo,

There is a small change in the web.xml code i sent few minutes back.

SecurePages
Secure Pages
/login.jsp --------------->Pl Note
the change here.
GET
POST

Rohiini N
Tata Consultancy Services
Mailto: rohiini.n@tcs.com
Website: http://www.tcs.com
____________________________________________
Experience certainty. IT Services
Business Solutions
Outsourcing
____________________________________________
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you

[att1.html]

Rohiini N

Hi sahoo

I have a jsp page called index.jsp. It is my welcome page and it has links
to other pages.
I have my login pages under the default webpages folder. I want my
login page alone to be secure. and this is my web.xml


faces/index.jsp


Constraint1

SecurePages
Secure Pages
/*
GET
POST



USERS


CONFIDENTIAL


FORM
myrealm

/login.jsp /loginError.jsp



USERS

And if i try to put this login.jsp and loginError.jsp under a folder named
logon and use the code as follows

/logon/login.jsp /logon/loginError.jsp It was not able to read the pages. As a result, it went to index.jsp
without displaying the login.jsp. Why doesnt it read the path? and what
should i do to make my login page alone secure.

Thanks in advance.

Thanks,
Rohiini

____________________________________________
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you

[att1.html]

Sahoo

Hi Rohiini,

Can you tell us what you specified as the url-pattern while specifying
the security-constraint? Why don't you send us the XML snippet for the
entire security-constraint element, so that we have all the information
that we need to figure out what's going on.

Here is an example that works for me:

Constraint2

Resource2

/logon/*
GET
POST


CONFIDENTIAL


FORM

/logon/logon.jsp /logon/logonError.jsp

Thanks,
Sahoo

Rohiini N wrote:
>
>
> hi
>
> I am trying to implement form based login in ee5 + glassfish. I need
> the login page alone to run in https and then later switch back to
> http.but when i specify
>
> < user- data- constraint>
>
CONFIDENTIAL >
>
> in web.xml for only the login page , it doesn't work . It still
> applies it for the whole application.
> Thanks in advance.
>
> Thanks,
> Rohiini N
> Tata Consultancy Services
> =====-----=====-----=====
> Notice: The information contained in this e-mail
> message and/or attachments to it may contain
> confidential or privileged information. If you are
> not the intended recipient, any dissemination, use,
> review, distribution, printing or copying of the
> information contained in this e-mail message
> and/or attachments to it are strictly prohibited. If
> you have received this communication in error,
> please notify us by reply e-mail or telephone and
> immediately and permanently delete the message
> and any attachments. Thank you
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
For additional commands, e-mail: users-help@glassfish.dev.java.net