
Example Analysis of Servlet and JSP Security problems

2025-01-27 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

This article walks through an example of configuring security for Servlets and JSP pages. It should be a useful reference for anyone interested in the topic.

1. Set up XML files

The first step in configuring the web.xml file is to define a security constraint, that is, a <security-constraint> tag. This tag protects the corresponding URLs so that they can only be accessed by specific users. Note that we can restrict the constraint to one or more HTTP methods using <http-method> tags. If you want the security constraint to apply to all HTTP methods, simply omit the <http-method> tags.

After completing the above settings, the next step is to set up SSL. We do this with the <user-data-constraint> tag and its child tag <transport-guarantee>, setting the value to CONFIDENTIAL.

In the last step, we need to set the authentication method. This requires the <login-config> tag and its <auth-method> child tag. Here we set it to BASIC. Here is part of the web.xml file:

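    <security-constraint>
        <web-resource-collection>
            <web-resource-name>ServletApplication</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ttrole</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>default</realm-name>
    </login-config>
    <security-role>
        <role-name>ttrole</role-name>
    </security-role>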

In the above example, only users in the role "ttrole" can access the Servlet and JSP pages.
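The three settings described above can be checked mechanically before deployment. The following is an added example, not code from the original article: a small Python audit of a web.xml that flags constraints limited to listed HTTP methods, constraints that do not require CONFIDENTIAL transport while BASIC login is in use, and roles without a <security-role> declaration. The second "Reports" constraint, the "auditor" role and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the article's constraint plus a deliberately weaker one.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ServletApplication</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>ttrole</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>auditor</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>ttrole</role-name></security-role>
</web-app>"""

def audit(xml_text):
    """Return (resource name, finding label) pairs for weak constraints."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # strip any XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    declared = {r.text.strip() for r in root.findall("security-role/role-name")}
    basic = (root.findtext("login-config/auth-method") or "").strip() == "BASIC"
    findings = []
    for sc in root.findall("security-constraint"):
        wrc = "web-resource-collection/"
        name = (sc.findtext(wrc + "web-resource-name") or "?").strip()
        methods = [m.text.strip() for m in sc.findall(wrc + "http-method")]
        guarantee = (sc.findtext("user-data-constraint/transport-guarantee") or "NONE").strip()
        if methods:   # listing methods leaves every unlisted method unconstrained
            findings.append((name, "unlisted-methods-open"))
        if guarantee != "CONFIDENTIAL":         # BASIC sends the password on every request
            findings.append((name, "basic-over-http" if basic else "no-tls-required"))
        for role in sc.findall("auth-constraint/role-name"):
            if role.text.strip() not in declared | {"*"}:
                findings.append((name, "undeclared-role:" + role.text.strip()))
    return findings

if __name__ == "__main__":
    for resource, label in audit(WEB_XML):
        print(resource, label)
```

The article's own constraint produces no findings; all three findings come from the constructed "Reports" constraint.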

This role-based authorization is used in Java EE environments, but in many operating system environments identities are expressed as users and groups. The security-role-mapping element therefore provides a bridge between roles and users or groups. In a Java EE 5 application server, we can define the security-role-mapping tags in the sun-application.xml file as follows:

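    <sun-application>
        <security-role-mapping>
            <role-name>Myrole</role-name>
            <principal-name>myuser</principal-name>
        </security-role-mapping>
        <security-role-mapping>
            <role-name>ttrole</role-name>
            <group-name>ttgroup</group-name>
        </security-role-mapping>
        <security-role-mapping>
            <role-name>arole</role-name>
            <principal-name>ttuser</principal-name>
        </security-role-mapping>
    </sun-application>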
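To see what this mapping grants in practice, the following added example (not part of the original article) parses the mapping and resolves which roles each realm user ends up with, and which users satisfy an auth-constraint on a given role. The realm contents mirror the two users created in the next section; the function names and the REALM_USERS table are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed input reproducing the article's mapping and realm users.
SUN_APPLICATION_XML = """<sun-application>
  <security-role-mapping>
    <role-name>Myrole</role-name><principal-name>myuser</principal-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>ttrole</role-name><group-name>ttgroup</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>arole</role-name><principal-name>ttuser</principal-name>
  </security-role-mapping>
</sun-application>"""
REALM_USERS = {"ttuser": {"ttgroup"}, "ttuser2": {"ttgroup"}}  # user -> groups

def load_mappings(xml_text):
    """Return [(role, principals, groups)] for each <security-role-mapping>."""
    out = []
    for m in ET.fromstring(xml_text).iter("security-role-mapping"):
        principals = {p.text.strip() for p in m.findall("principal-name")}
        groups = {g.text.strip() for g in m.findall("group-name")}
        out.append((m.findtext("role-name").strip(), principals, groups))
    return out

def roles_for(user, groups, mappings):
    """A user holds a role if mapped by name or through any of its groups."""
    return {role for role, principals, mapped_groups in mappings
            if user in principals or groups & mapped_groups}

def allowed_users(required_role, realm, mappings):
    """Realm users that satisfy an <auth-constraint> on required_role."""
    return sorted(u for u, g in realm.items()
                  if required_role in roles_for(u, g, mappings))

if __name__ == "__main__":
    mappings = load_mappings(SUN_APPLICATION_XML)
    for user, groups in REALM_USERS.items():
        print(user, sorted(roles_for(user, groups, mappings)))
    print("ttrole:", allowed_users("ttrole", REALM_USERS, mappings))
```

Both users reach ttrole through ttgroup, while ttuser additionally holds arole through its principal-name mapping, so a group mapping widens access to every current and future member of that group.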

2. Run the example code

In this section we describe how to run the above program. The integrated development environment used here is NetBeans IDE 5.5 with the NetBeans enterprise development kit. After installing NetBeans, take the following steps to run the program.

1. First, download the example code and decompress it.

2. Start NetBeans.

3. Open the webann project (the NetBeans project in the zip file just downloaded). If a "Resolve missing server problem" message appears, the application server has not been added to the list of servers in NetBeans. Select Tools > Server Manager, and then add the corresponding server to the list.

4. Start the Sun Java System Application Server embedded in NetBeans. We can also start the server by entering the following command on the command line:

    <install-dir>/bin/asadmin start-domain domain1

Here <install-dir> is the installation directory of the application server.

5. Create a user. We can do this through the administrative console (default is http://localhost:4848) by following these steps:

(1) Select Configuration > Security > Realms > file from the management tree on the left.

(2) Click Manage Users, and then click New.

(3) Enter the following information:

User ID: ttuser

Group List: ttgroup

New Password: ttpassword

Confirm New Password: ttpassword

(4) Click "OK" to save the settings.

After creating the first user, create a second user, ttuser2, in the same way, and enter the following information:

User ID: ttuser2

Group List: ttgroup

New Password: ttpassword

Confirm New Password: ttpassword

6. Follow these steps to compile the NetBeans project:

(1) Right-click the webann node in the project window.

(2) Select Clean and Build Project.

This step creates the ear files and places them in the webann/dist directory.

7. Follow these steps to publish the ear file:

(1) Right-click the webann node in the project.

(2) Select Deploy Project.

In addition to the above publishing method, we can also publish through the management interface in the following way:

(1) Select Applications > Enterprise Applications in the control tree on the left.

(2) Click Deploy.

(3) Click the "Browser" button to find the ear file

(4) Click OK.

We can also publish the ear file from the following command line:

    asadmin deploy webann.ear

8. Let's launch the browser and type https://:EnterpriseApplications in the address bar.

(2) Select webann, and then click Undeploy.

2. Delete users through the management interface.

(1) Select Configuration > Security > Realms > file.

(2) Click Manage Users.

(3) Choose ttuser and ttuser2.

(4) Click Delete.
