I am working on a project where I want to apply authentication to a particular URL. JBoss version: JBoss EAP 6.1.0
There is a URL in my application, http://localhost:8080/myApp/monitoring. When a user hits this URL, I want it to ask for a user ID and password.
Below are the steps that I have done.
Added the following to web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>All Access</web-resource-name>
        <url-pattern>/monitoring</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>PUT</http-method>
        <http-method>HEAD</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ApplicationRealm</realm-name>
</login-config>
<security-role>
    <role-name>user</role-name>
</security-role>
jboss-web.xml
<jboss-web>
    <security-domain>java:/jaas/other</security-domain>
</jboss-web>
Then I added a user using the add-user.bat file. But when I hit the URL http://localhost:8080/myApp/monitoring, the server responds with error code 302 and the URL redirects to https://localhost/myApp/monitoring
Can anyone please help with this? Thanks in advance.
You have misconfigured the security-constraint element in web.xml.
Try to use the following value:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>All Access</web-resource-name>
        <url-pattern>/monitoring</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
</security-constraint>
And now some details:
web-resource-collection (otherwise only the named ones are protected)
transport-guarantee (with value not equal to NONE) then you de facto requests using https (SSL/TLS) instead of http
auth-constraint (with list of roles to which you grant access) if you don't want to grant access to everyone
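The three points in the answer above can be checked mechanically. The following Python script is an added example, not part of the original question or answer: it audits each security-constraint in a web.xml for a missing auth-constraint, an explicit http-method list, and a transport-guarantee other than NONE. The function name audit, the finding texts, and the two sample documents (the question's and the answer's constraint wrapped in a web-app root, method list abridged) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the question's and the answer's constraint, each wrapped
# in a <web-app> root so they parse as a document (method list abridged).
QUESTION = """<web-app><security-constraint>
  <web-resource-collection>
    <url-pattern>/monitoring</url-pattern>
    <http-method>GET</http-method><http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""

ANSWER = """<web-app><security-constraint>
  <web-resource-collection>
    <url-pattern>/monitoring</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>user</role-name></auth-constraint>
</security-constraint></web-app>"""


def audit(web_xml):
    """Return (url-patterns, finding) pairs for each security-constraint."""
    root = ET.fromstring(web_xml)
    for el in root.iter():  # drop any xmlns prefix so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    findings = []
    for sc in root.iter("security-constraint"):
        urls = tuple(u.text.strip() for u in sc.iter("url-pattern"))
        methods = [m.text.strip() for m in sc.iter("http-method")]
        guarantee = sc.findtext(
            "user-data-constraint/transport-guarantee", "NONE").strip()
        if sc.find("auth-constraint") is None:
            # Without auth-constraint the container never asks for credentials.
            findings.append((urls, "no auth-constraint: no login is required"))
        if methods:
            # Naming methods limits the constraint to exactly those methods.
            findings.append((urls, "only listed methods covered: " + ",".join(methods)))
        if guarantee != "NONE":
            # Matches the 302 to https that the question reports.
            findings.append((urls, f"transport-guarantee {guarantee}: https is required"))
    return findings


if __name__ == "__main__":
    for name, doc in (("question", QUESTION), ("answer", ANSWER)):
        print(name, audit(doc) or "no findings")
```
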