3

I have a very simple doubt, I know most of you might give a down vote for this question. But since I'm very new to Web applications, I don't know how it comes up.

Question: Whenever I login to some web application, I get a pop-up requesting for the authentication. Some thing similar to this,

Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection).

Where is the set up done for this? Im trying to do something similar for my Hello World Application. Please help me out.

Luiggi Mendoza
  • 85,076
  • 16
  • 154
  • 332
mee
  • 821
  • 5
  • 12
  • 28

1 Answers1

2

This is Basic Authentication supported by Servlet technology. This is how you define basic authentication for web resources in web.xml.

<login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>default</realm-name>
</login-config>

Please find here a complete example:

<?xml version='1.0' encoding='UTF-8'?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" 
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<web-app>
      <welcome-file-list>
           <welcome-file>welcome.jsp</welcome-file>
      </welcome-file-list>

      <security-constraint>
            <web-resource-collection>
                  <web-resource-name>Success</web-resource-name>
                  <url-pattern>/secured/*</url-pattern>
                 <http-method>GET</http-method>
                 <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
                <role-name>secured</role-name> 
            </auth-constraint>
      </security-constraint>

      <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>default</realm-name>
      </login-config>

       <security-role>
           <role-name>secured</role-name>
       </security-role>
</web-app>

Please read the below link for more understanding on several authentication mechanisms supported by Servlet technology:

Standard form authentification Java servlets

Community
  • 1
  • 1
Ramesh PVK
  • 15,200
  • 2
  • 46
  • 50
  • Hi,Thanks for the reply. But in a web application's web.xml file i found that there is no security-constraint added, but still it gives a pop- up for authentication. Is it compulsory that the web.xml file should contain the details or it can be done in some other way too? – mee Mar 14 '13 at 05:57
  • If you are seeing like a pop up, then is should be BASIC authentication that should be defined in web.xml. Please check if there is any default web.xml which is configuring that. – Ramesh PVK Mar 14 '13 at 06:07
  • It says, The server XXX requires a username and password. Warning:...(basic authentication without a secure connection). But in the web.xml file, Im not able to find the security-constraints.It just has a servlet, servlet-mapping, welcome-file List, locale-mapping. – mee Mar 14 '13 at 06:13
  • What server are you using? Can you check if the server is providing any default configuring which is enabling basic authentication. – Ramesh PVK Mar 14 '13 at 06:23