Skip to Main Content

Cloud Platform

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Java security issue - if web.xml has <login-config> app avail w/ no log in

BBellDec 12 2012 — edited Jan 16 2013
I am trying to use Java EE security. Following the docs ( [http://docs.oracle.com/cloud/CSJSU/dev_app.htm#BCEHFDFC] ).

The problem is, if a web app has <login-config> in web.xml, then users are not sent to the Cloud login screen when they access the app with its URL. Even if the entry is <login-config/>!
(I did a test with a very small web app. When I leave <login-config/> out of web.xml, then when I access the app URL, I first have to log in (when I Whitelist test it, I get a warning about that tag is missing). When I put <login-config/> in web.xml (the Whitelist warning goes away), but I can access the web app via its URL WITHOUT logging in at all.)

If users haven't logged in, then of course you don't know who they are and what their role is, so you cannot use normal web app security with protected resources.

Comments

Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Feb 13 2013
Added on Dec 12 2012
3 comments
1,174 views