Hi,
I have been working over the summer to create a very simple login page that just has the userName and the Password and all what I did is that this page printes the information entered in a new page. I have successfully done this part. My second project is to do users' roles like to eliminate what guests can see and change vs the manager who can do anything and make any changes. This is not a HW so I am not worried about posting my code as there is no cheating going on here: Here is what I have in my web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>
SecuredBookSite
</web-resource-name>
<url-pattern>/secured/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description>
Let only managers use this app
</description>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>manager</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
And here is the change I made to my tomcat-users file:
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="admin" password="secret" roles="admin,manager"/>
</tomcat-users>
I would be so thankful for any advice as my summer is ending and I want to make sure I get to learn something out of it. Thanks
