Tagged Questions
4
votes
2 answers
716 views
Java EE 6 Security Model: How to add or delete user
I read most of the documentation, I only see the use of @RolesAllowed or @DeclareRoles, how can I add a user or delete a user? I have a table of users with username and password in my database, how can I ...
4
votes
1 answer
581 views
Container Managed Security for Web Application
I am completely new to Container managed security and need some help with configuring it in my web application.
I want to restrict access to the JSPs within my web application. This is how I have ...
3
votes
1 answer
3k views
How to know if current web visitor logged in with Spring Security 3.0
We're using Spring Framework and Spring Security 3.0.x, how do we know if the current visitor is logged in and what their username is? I've always had the following code:
public static String ...
2
votes
1 answer
371 views
How to apply Filter before security constraint in JBoss EAP6/AS7
Edit:
For some context, I am using a custom security-domain and manually calling request.login. I am not using the standard FORM authentication.
Edit:
It seems like what I am really looking for is a ...
2
votes
2 answers
49 views
Programmatically retrieve security constraints from web.xml
Is there any possibility to obtain the list of constraints from web.xml?
<security-constraint>
<web-resource-collection>
...
2
votes
1 answer
347 views
Security in a Java EE client-server architecture
I am trying to implement security for the following architecture:
Web tier: Tomcat 7 app server using GWT.
Back end: JBoss 7.1 app server using EJBs and JPA to persist data. EJBs are consumed ...
2
votes
0 answers
335 views
web.xml security-constraints interfering with each other
I've defined the following security-constraints in the application's web.xml:
<security-constraint>
<display-name>Restrict access to XHTML files</display-name>
...
1
vote
2 answers
856 views
Limiting who can log in by role with J2EE form based authentication
I'm using declarative J2EE form based authentication in my webapp, following the instructions given in various places such as here: http://java.dzone.com/articles/understanding-web-security
It ...
1
vote
1 answer
28 views
JAAS login with unauthorised user
I've defined two users: admin and user.
Now when I try to access admin pages using a non-existing user, it sends me back to the login page, so that's OK.
But when I try to access admin pages using ...
1
vote
1 answer
73 views
How can I add and view other AD LDAP attributes in a WAS v8.0 federated repository's LDAP repository?
Within WebSphere Application Server v8.0.0.5, I've set up a Security Domain. Within that Security Domain, I've created a federated repository consisting of:
- an LDAP repository
- a JDBC Custom User ...
1
vote
1 answer
200 views
Secure Remote Password protocol on application level
I'm writing a Java EE application, which allows new users to register themselves and then log in over the Internet. I'm storing the credentials in a db.
Now, there are several ways to do that, e.g.:
...
1
vote
2 answers
94 views
Is it safe to make authorization decisions based on session attributes?
So I'm implementing custom security on my Java EE app. What I'm doing is every time a user attempts to log in, if the e-mail and password are correct, I'm saving their e-mail address as an attribute ...
0
votes
3 answers
397 views
How to bypass through Java EE security roles
Here is the example code from my web.xml
<security-constraint>
<display-name>
change password</display-name>
<web-resource-collection>
...
0
votes
3 answers
167 views
How to secure links in your JSP web application?
I am hiding some links in my webapp depending on the user roles... Now, for example, I hide the link sample.jsp in my user with role equal to 1. Of course this will hide but if this user knows the link he ...
0
votes
2 answers
30 views
Which phase should I use to intercept the login attempt in JSF
I am using a PhaseListener
And I can see that my credentials are available directly from the RESTORE_VIEW all the way up to INVOKE_APPLICATION and RENDER_RESPONSE. Which all makes sense.
I wonder what ...