Home/ Questions/Q 8437933
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T07:34:10+00:00

I’m developing a Web Project with Java EE and I want that some JSP

  • 0

I’m developing a Web Project with Java EE and I want that some JSP are accessible only by some kind of users. I’ve read that using the web.xml descriptor I can set the visibility of some resources only to a ‘role-name’. But how do I set this role-name in the http session?
For instance, my descriptor has:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Access to Student pages</web-resource-name>
      <url-pattern>/Student/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Student</role-name>
    </auth-constraint>
  </security-constraint>

Where/How do I define the ‘Student’ role-name?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    That is the job of your application server. The server will store the roles in the session after authentication (if authentication is done by the server).

    web.xml — in your app

    <security-constraint>
    <web-resource-collection>
        <url-pattern>/Student/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>Student</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
</login-config>

    How to assign users/logins to rolles is Server dependent, here a very basic example for tomcat:

    tomcat-users.xml — This file is in your Server, you have to extend it!

     <?xml version='1.0' encoding='utf-8'?>
 <tomcat-users>
    <role rolename="tomcat"/>

     <role rolename="Student"/>  <!-- you have to define all roles -->

    <user username="tomcat" password="tomcat" roles="tomcat"/>

    <user username="myname" password="mypassword" roles="Student"/> <!-- you have to assign login and roles -->
 </tomcat-users>
    • 0