We will make some changes to the tags we added to configure security in the Protecting access to folders in web applications
section. Here are the changes:
- Rename role-name from admin to admin-role
- Remove the <security-role> tag
- Add the <login-config> tag
Here is what the changed declaration should look like:
<security-constraint>
<display-name>Admin resources</display-name>
<web-resource-collection>
<web-resource-name>admins</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin-role</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>courseManagementJDBCRealm</realm-name>
</login-config>
Note that we specified the name of the realm we configured (on the GlassFish admin page) in the <login-config> tag. We removed <security-role> because roles are now saved in the database, in the Groups table. However, we need to map the roles declared in web.xml to groups in the database. This mapping is done in glassfish-web.xml. Create glassfish-web.xml in the same folder as that of web.xml, that is, src/main/webapp/WEB-INF, in the CourseManagementMavenWebApp
project. Add the following content to it:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
<security-role-mapping>
<role-name>admin-role</role-name>
<group-name>admin</group-name>
</security-role-mapping>
</glassfish-web-app>
Here, we are mapping admin-role, which we declared in web.xml, with the admin group in the Groups table in the database.
Now, build the CourseManagementMavenWebApp and CourseManagementMavenEAR projects (in the same order) by right-clicking on the projects and selecting Run As | Maven Install, and then deploy the application in GlassFish as described in the Protecting access to folders in web applications
section.
Browse to http://localhost:8080/CourseManagementMavenWebApp/admin/admin.jsp. This time, the browser should display the contents of admin.jsp, once you enter the valid admin credentials; that is, the username as user1, and the password as user1_pass.