In my defense, the first section of that entry WAS entitled I have no idea what I'm talking about. But it turns out my ignorance knows few bounds.
web.xml, access control, and Guice
I stated that in moving my BuildDB servlet under the control of Guice, I lost the ability to use a security-constraint in the web.xml file to stop the hoi polloi from accessing our servlet. Not so.
Simply have Guice respond to a URL pattern (such as "/*") that covers the URL restricted by the security-constraint, say /admin/*. All of your servlets are now Guicified, and the ones you want protected are protected.
Yeah, shoulda figured that out the first time.
war/WEB-INF/web.xml
<web-app>
  <!-- Servlets -->
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <filter>
    <filter-name>guiceFilter</filter-name>
    <filter-class>com.google.inject.servlet.GuiceFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>guiceFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <listener>
    <listener-class>com.lisedex.voluntickler.server.guice.VolunticklerServletContextListener</listener-class>
  </listener>

  <!-- Default page to serve -->
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
  </welcome-file-list>
</web-app>
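The Guice side of this arrangement, as an added example that is not the project's own code: the container checks the security-constraint against the request URL before the request reaches GuiceFilter, so a servlet that Guice serves under /admin/ is covered by it. AdminModule, BuildDbServlet and the path /admin/builddb are assumed names; only the listener class name comes from the web.xml above.

```java
package com.lisedex.voluntickler.server.guice;

import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.Singleton;
import com.google.inject.servlet.GuiceServletContextListener;
import com.google.inject.servlet.ServletModule;
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Listener named in web.xml; it builds the injector that GuiceFilter uses.
public class VolunticklerServletContextListener extends GuiceServletContextListener {
    @Override
    protected Injector getInjector() {
        return Guice.createInjector(new AdminModule());
    }
}

// Hypothetical module: maps the admin servlet inside the constrained URL space.
class AdminModule extends ServletModule {
    @Override
    protected void configureServlets() {
        // "/admin/builddb" (assumed path) matches the /admin/* url-pattern
        // of the security-constraint, so the container demands the admin role.
        serve("/admin/builddb").with(BuildDbServlet.class);
    }
}

// Hypothetical servlet standing in for the BuildDB servlet; Guice requires
// servlets it serves to be singletons.
@Singleton
class BuildDbServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Defense in depth: if a later edit moves the serve() mapping out of
        // /admin/*, the container constraint no longer applies, so fail closed.
        if (!req.isUserInRole("admin")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("BuildDB servlet reached with admin role");
    }
}
```

The protection follows the URL, not the servlet class: any serve() pattern outside /admin/* exposes the same servlet without the constraint, which is why the in-servlet role check is worth keeping.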
The observant among you will notice that our package is now com.lisedex.voluntickler instead of com.lisedex.volinfoman. It's a sexy name change, I know, and I realize that you're a bit jealous, but the domains are already registered. Sorry.
Cheers