First of all, some details: I configured security as below in web.xml:
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/formLoginPage.html</form-login-page>
<form-error-page>/formErrorPage.html</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>MyBeerApp</web-resource-name>
<url-pattern>/web/form.html</url-pattern>
<url-pattern>/SelectBeer.do</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>member</role-name>
</auth-constraint>
<user-data-constraint>
<!--transport-guarantee>CONFIDENTIAL</transport-guarantee-->
</user-data-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>member</role-name>
</security-role>
<security-role>
<role-name>guest</role-name>
</security-role>
In tomcat-user.xml as below:
<role rolename="member"/>
<role rolename="guest"/>
<user username="vgarg2" password="tomcat" roles="member,guest" />
<user username="vgarg3" password="tomcat" roles="guest" />
Files are located as below:
<TOMCAT_HOME>\Beer-v1\index.html
<TOMCAT_HOME>\Beer-v1\web\form.html
<TOMCAT_HOME>\Beer-v1\WEB-INF\web.xml
<TOMCAT_HOME>\Beer-v1\WEB-INF\classes\...
Contents of form.html:
<html>
<body>
<h1 align="center">Beer Selection Page</h1>
<form method="POST" action="../SelectBeer.do">
Select Beer Characteristics
Color : <select name="color1" size="1">
<option value="light1">Light</option>
<option value="amber1">Amber</option>
<option value="brown1">Brown</option>
<option value="dark1">Dark</option>
</select>
<br/>
Can sizes:
<input type="checkbox" name="sizes" value="12oz">12 oz
<input type="checkbox" name="sizes" value="24oz">24 oz
<input type="checkbox" name="sizes" value="36oz">36 oz
<br/>
<center>
<input type="submit"/>
</center>
</form>
</body>
</html>
Now my problem is that the request going to “http://localhost:8080/Beer-v1/web/form.html” is not getting constrained.
When I submit the request from /web/form.html to “http://localhost:8080/Beer-v1/SelectBeer.do” it checks for the authentication and asks for id/password info.
If I disable the security constraints the app works fine.
What is going wrong here?
I think the issue here is that the response for http://localhost:8080/Beer-v1/web/form.html is being served from cache. If you require authentication for static pages, you should be sending cache control headers telling the caching entities not to cache the response. For this you should be sending the following headers along with the response:
NOTE: Without applying the headers above, if you refresh the page using F5, you should see that the authentication will work.
I would suggest having all the pages which require authentication as JSPs.
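The reply above does not list the headers; the standard HTTP ones for this purpose are Cache-Control, Pragma and Expires. Below is an added example, not the poster's or Tomcat's own code, of a servlet Filter that sets them on everything under the protected /web/ path so a browser cannot reuse a copy of form.html fetched before login and skip the FORM auth check. It assumes the javax.servlet API (pre-Jakarta Tomcat) and the class name NoCacheFilter, both constructed for this example.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/*
 * Added example (hypothetical class name). Register it in web.xml next to the
 * security constraint so it covers the same static pages:
 *
 *   <filter>
 *     <filter-name>NoCacheFilter</filter-name>
 *     <filter-class>NoCacheFilter</filter-class>
 *   </filter>
 *   <filter-mapping>
 *     <filter-name>NoCacheFilter</filter-name>
 *     <url-pattern>/web/*</url-pattern>
 *   </filter-mapping>
 */
public class NoCacheFilter implements Filter {

    @Override
    public void init(FilterConfig config) throws ServletException {
        // nothing to configure
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (res instanceof HttpServletResponse) {
            HttpServletResponse resp = (HttpServletResponse) res;
            // HTTP/1.1 browsers and proxies: never store, always revalidate
            resp.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
            // HTTP/1.0 caches that ignore Cache-Control
            resp.setHeader("Pragma", "no-cache");
            // Already expired for caches that only honour Expires
            resp.setDateHeader("Expires", 0L);
        }
        // Headers are set before the default servlet writes the static file
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}
```

With the filter in place, each request for /web/form.html reaches the container, which applies the security constraint and redirects to formLoginPage.html when there is no authenticated session.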