Sample Webapp
It is quite easy to test your setup now.
Prerequisites
Create a Servlet 3.1 compatible webapp project with a method of your choice, e.g., a Maven archetype or the Eclipse project wizard. Configure the resources (authenticator and realm).
Modifying the Deployment Descriptor (web.xml)
Let's now add some security constraints to your sample webapp. Open the app's web.xml and add:
[…]
<!-- Add these -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>general</web-resource-name>
    <url-pattern>/index.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- Every authenticated user can view this page -->
    <role-name>*</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>specific</web-resource-name>
    <url-pattern>/specific.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- Every user in the $AD_GROUP can view this specific page -->
    <!-- Replace $AD_GROUP with a SID of a group or the mapped role name you are actually a member of -->
    <role-name>$AD_GROUP</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>bogus</web-resource-name>
    <url-pattern>/bogus.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- No user can view this page -->
    <role-name>Bogus</role-name>
  </auth-constraint>
</security-constraint>
[…]
Creating the Necessary JSPs
Create the following JSPs in the root of your webapp:
index.jsp:
[…] Hello ${pageContext.request.remoteUser}! […]
specific.jsp:
[…] Hello ${pageContext.request.remoteUser}, you are member of $AD_GROUP! […]
bogus.jsp:
[…] Hello ${pageContext.request.remoteUser}, you should not see this! […]
Packaging and Deployment
Now package your webapp and deploy it to your remote Tomcat instance.
Verification
Open every single URL with a properly configured client like IE, Firefox, Chrome or even cURL on Windows. Your output should be as follows:
index.jsp: HTTP/1.1 200, every user should see a response.
specific.jsp: HTTP/1.1 403 or HTTP/1.1 200, depending on whether the user is a member of the specific group; the user should see an error page or a response, respectively.
bogus.jsp: HTTP/1.1 403, every user should see an error page.
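The verification step above can be scripted with cURL's Negotiate support. The following script is an added example, not part of the original page or project; it assumes a Kerberos ticket is already cached (kinit or Windows logon), that BASE_URL (a placeholder) points at the deployed webapp, and that IN_GROUP states whether the caller is a member of $AD_GROUP.

```shell
#!/bin/sh
# Added example (not from the original page): checks the three sample pages
# over SPNEGO with curl and compares the status codes with the expectations
# that follow from the security constraints in web.xml.
BASE_URL="${BASE_URL:-http://tomcat.example.com:8080/sample}"   # placeholder, assumed
IN_GROUP="${IN_GROUP:-yes}"   # "yes" if the caller is a member of $AD_GROUP

# Expected status for a page, given group membership ("yes"/"no").
# index -> every authenticated user, specific -> group members, bogus -> nobody.
expected_code() {
    case "$1" in
        index.jsp)    echo 200 ;;
        specific.jsp) [ "$2" = yes ] && echo 200 || echo 403 ;;
        bogus.jsp)    echo 403 ;;
        *)            echo 000 ;;
    esac
}

# Compares an observed status with the expectation; prints a verdict line
# and returns 0 on a match, 1 otherwise.
judge() {
    page=$1; observed=$2; want=$(expected_code "$page" "$3")
    if [ "$observed" = "$want" ]; then
        printf 'OK   %-13s HTTP/1.1 %s\n' "$page" "$observed"; return 0
    fi
    printf 'FAIL %-13s HTTP/1.1 %s (expected %s)\n' "$page" "$observed" "$want"
    return 1
}

# Performs the request: --negotiate -u : lets curl answer the 401 Negotiate
# challenge with the cached ticket; only the final status code is kept.
fetch_code() {
    curl --negotiate -u : -s -o /dev/null -w '%{http_code}' "$BASE_URL/$1"
}

# Runs all three checks; returns non-zero if any page deviates from the matrix.
run_checks() {
    rc=0
    for page in index.jsp specific.jsp bogus.jsp; do
        judge "$page" "$(fetch_code "$page")" "$IN_GROUP" || rc=1
    done
    return $rc
}

# Contact the server only when executed directly as verify.sh, not when sourced.
if [ "${0##*/}" = "verify.sh" ]; then run_checks; fi
```

Run it once as a group member and once as a non-member; a 200 on bogus.jsp or on specific.jsp for a non-member means the constraints or the role mapping are not in effect.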