Thread: Security in Server

Hi ,
I am trying to apply security to a resource. I am defining roles and users for that specific roles.
when i try to access the resource(XML file) through internet explorer, it is not asking me any username or password.
It is showing error like

message: Configuration error: Cannot perform access control without an authenticated principal

description: Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.

Any ideas?

Hello, I take it this is something you are trying to do in your web.xml file?

Here is an example for you:

You can see here that we define a constraint for the path /path/to/secure/pages/* which means that any files on that path will be affected by this constraint. We also tell the web container that the role admin is needed to access these pages.

<security-constraint>
	<web-resource-collection>
		<web-resource-name>My secure pages</web-resource-name>
		<url-pattern>/path/to/secure/pages/*</url-pattern>
	</web-resource-collection>
	<auth-constraint>
		<role-name>admin</role-name>
	</auth-constraint>
</security-constraint>

Now we need to define the admin role.

<security-role>
	<role-name>admin</role-name>
</security-role>

And finally we shall make sure we have the authentication method set up. This will tell the server that we want the login type to be BASIC and that the name of the realm should be My secure pages.

<login-config>
	<auth-method>BASIC</auth-method>
	<realm-name>My secure pages</realm-name>
</login-config>

Here is the full thing.

<security-constraint>
	<web-resource-collection>
		<web-resource-name>My secure pages</web-resource-name>
		<url-pattern>/path/to/secure/pages/*</url-pattern>
	</web-resource-collection>
	<auth-constraint>
		<role-name>admin</role-name>
	</auth-constraint>
</security-constraint>
 
<login-config>
	<auth-method>BASIC</auth-method>
	<realm-name>My secure pages</realm-name>
</login-config>
 
<security-role>
	<role-name>admin</role-name>
</security-role>

See also: Metawerx Wiki: Web.xml

// Json

I am also defining in the same way.Except that i have not defined realm name.

Still when i try to open the resource using Internet explorer it is not prompting for credentials

Hi
Thanks for your help
I have restarted the server and got it working
Thanks.
Is it possible to know who has just signed in to the resource.
My resource is a XML file

If you have access to the HttpServletRequest object which I assume you will, try this.

request.getUserPrincipal().getName()

// Json

HI ,
My resource is not JAVA file or JSP file. It is XML file. is there any way to achieve this ?

Yeah by adding a servlet in front of the XML file, there is no way of knowing what user logged in by XML.

// Json