No login prompt when securing URLs on WebSphere Application Server V4.0
 Technote (FAQ)
 
Problem
Unable to secure web resources, when configuring security constraints and associated web resource collections to protect your web content.
 
Solution
In the Application Assembly Tool (AAT), when securing web resources, you configure security constraints and associated web resource collections to protect your web content. In the web resource collections, you define HTTP methods and URLs that will be part of the web resources to be constrained. The URLs defined are not an absolute path, but are relative to any context root that may be defined for the web module. If an incorrect or absolute path is entered in the URL, then you will not get prompted for a login/password as expected when you run your application, nor will you receive any errors.

For example, in the Petstore application shipped with WebSphere® Application Server, the application is run from a browser by typing: http://hostname/estore

If you open the petstore.ear in the AAT and attempt to secure the URL by creating a security constraint and web resource collection with a URL of "estore" or "/estore" or "estore*", when you run the application you will not get a login prompt at all. This is because the context root for "WebTier" is "estore". So the URL you are actually securing in this case would be:http://hostname/estore/estore which does not exist.


The correct web resource collection URL needed to secure http://hostname/estore would be "*" or "/*" or even left blank, as blank defaults to all urls within the root context.

You must also make sure to recycle the application server, and not just the enterprise application, after reinstalling the application in order to pick up any changes in the enterprise application.

 
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): HP-UX
Software version: 4.0.1
Software edition:
Reference #: 1044439
IBM Group: Software Group
Modified date: Oct 25, 2004