Reminder on how to quickly secure a web application on WebLogic Server


This post is not about a highly technical subject, but I think it is useful to have it explained in a few words for beginners, and to give experienced users who just want a reminder the essentials at a glance.


Note that this security has nothing to do with your code!

It relies entirely on configuration, plus the login page and the error page (both JSPs).

Here's what you have to do.


Assume you have a webapp called "MyWebApp".

In the WEB-INF directory, you'll have a web.xml and, if you want to deploy the webapp on WebLogic Server, another XML file: weblogic.xml.




Note: the authentication presented here is done through an HTML form.

The important parts are shown in blue.


web.xml:


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app id="WebApp_ID">
    <!-- The security-constraint, login-config and security-role elements go here -->
</web-app>





weblogic.xml:


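<?xml version="1.0" encoding="UTF-8"?>
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/920/weblogic-web-app.xsd">
    <!-- The security-role-assignment elements (role to principal mapping) go here -->
</weblogic-web-app>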



Login.jsp:


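<html>
  <head><title>Security WebApp login page</title></head>
  <body>
    <h2>Please enter your username and password:</h2>
    <!-- j_security_check, j_username and j_password are the names the container expects for form login -->
    <form method="POST" action="j_security_check">
      <table border="1">
        <tr><td>Username:</td><td><input type="text" name="j_username"></td></tr>
        <tr><td>Password:</td><td><input type="password" name="j_password"></td></tr>
        <tr><td colspan="2" align="right"><input type="submit" value="Submit"></td></tr>
      </table>
    </form>
  </body>
</html>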


login_failed.jsp:


<%
    response.setStatus(200); // To prevent IE from catching the response with its own error page
%>
<html>
  <head><title>Security WebApp login error page</title></head>
  <body bgcolor="#cccccc">
    <h2>Vous n'êtes pas autorisé à accéder à l'application.</h2>
  </body>
</html>
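
A check for the wiring described above, as an added example that is not part of the original post: it parses a web.xml and weblogic.xml pair and reports gaps in the form-authentication setup. The embedded descriptors are constructed samples; the role AppUser, the group AppUsersGroup, the /* URL pattern and the JSP paths are assumptions, and web.xml is assumed to follow the namespace-free Servlet 2.3 DTD used on this page.

```python
import xml.etree.ElementTree as ET
# Constructed sample descriptors: role, group and URL pattern are assumptions.
WEB_XML = """<web-app id="WebApp_ID">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>MyWebApp pages</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>AppUser</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/Login.jsp</form-login-page>
      <form-error-page>/login_failed.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role><role-name>AppUser</role-name></security-role>
</web-app>"""
WEBLOGIC_XML = """<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90">
  <security-role-assignment>
    <role-name>AppUser</role-name><principal-name>AppUsersGroup</principal-name>
  </security-role-assignment>
</weblogic-web-app>"""
WLS = "{http://www.bea.com/ns/weblogic/90}"  # namespace of weblogic.xml elements
def names(parent, path):
    return {(e.text or "").strip() for e in parent.findall(path)}

def check_form_auth(web_xml, weblogic_xml):
    """Return a list of findings; an empty list means the wiring is complete."""
    web, wls, out = ET.fromstring(web_xml), ET.fromstring(weblogic_xml), []
    if web.findtext("login-config/auth-method", "").strip() != "FORM":
        out.append("login-config does not use FORM authentication")
    for tag in ("form-login-page", "form-error-page"):
        if not web.findtext("login-config/form-login-config/" + tag, "").strip():
            out.append("missing " + tag)
    declared = names(web, "security-role/role-name")
    # Roles that weblogic.xml maps to at least one principal (user or group).
    mapped = {r for a in wls.findall(WLS + "security-role-assignment")
              if names(a, WLS + "principal-name") - {""}
              for r in names(a, WLS + "role-name")}
    for sc in web.findall("security-constraint"):
        if sc.find("auth-constraint") is None:  # nothing forces a login here
            out.append("security-constraint has no auth-constraint")
        for r in sorted(names(sc, "auth-constraint/role-name") - declared - {"*"}):
            out.append("role %s not declared in security-role" % r)
    for r in sorted(declared - mapped):
        out.append("role %s has no principal-name in weblogic.xml" % r)
    return out
```

Calling `check_form_auth(WEB_XML, WEBLOGIC_XML)` on the sample pair returns an empty list; each finding string names the element to fix.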


If you want to know more, take a look at the official documentation.

