Featured Post

HTTP web resource protection and login mechanism

-
<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
j2ee standard way of protecting resources and login setup as mentioned here

   if we don't mention http-method in web.xml all methods will be protected by default . in other words if you mention  <http-method>GET</http-method>, this would protect only GET method for all resources and other methods like PUT,TRACE,HEAD,UPDATE,PATCH and DELETE requests on the resources would not be protected

   web.xml
  -----------

       <security-constraint>
           <web-resource-collection>
                <web-resource-name>All Access</web-resource-name>
                 <url-pattern>
                             /notsafe
                 </url-pattern>
                 <http-method>GET</http-method></b>
               <http-method>PUT</http-method></b>
              </b><b><http-method>UPDATE</http-method></b>
                </b><b><http-method>DELETE</http-method></b>
                </b><b><http-method>HEAD</http-method></b>
                </b><b><http-method>TRACE</http-method></b>
               </b><b><http-method>PATCH</http-method></b>
</web-resource-collection>
       <user-data-constraint>
             <transport-guarante>NONE</transport-guarante>
   </user-data-constraint>
      <!-- login config -->
      <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>default</realm-name>
     </login-config>

 </security-constraint>

we have 4 ways to authenticate in j2ee

    BASIC, DIGEST,HTTPS CLIENT and FORM  based authentication .




Another web.xml with full context
------------------------------------------
<security-constraint>
    <web-resource-collection>
        <url-pattern>/rest/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <url-pattern>/rest/orders/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>customer</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>my-default-realm</realm-name>
</login-config>








</div>

Comments

Post a Comment

Popular posts from this blog

[Inside AdSense] Understanding your eCPM (effective cost per thousand impress...

-
"What is eCPM? What affects my eCPM? What can I do to earn a higher eCPM?" Effective cost per thousand impressions (eCPM) is the amount of revenue you can expect to earn from AdSense for every 1000 impressions shown on your site. Since eCPM helps you measure how well your ads are performing, we often hear questions from publishers about the factors that impact this metric and how it relates to their earnings. If you're using the new interface, you'll see that your reports show RPM (revenue per thousand impressions); RPM is just another term for eCPM, and it's calculated the same way, so we use these two terms interchangeably. To help provide some clarity, we're kicking off a two-part video series with more insights into how eCPM is calculated in order to help you maximize earnings. With the help of AdSense optimization specialist, Matthew Carpenter Arevalo, we'll show you the factors that affect eCPM, how to track user behavior and traffic patterns, and ...
Read more