Code changes related to modifications in section 7 of the article (#1641)

* Change @ServletSecurity annotation to reflect usage of 2 different roles * Modification related to @ServletSecurity * Add new folder WEB-INF * Delete .gitkeep * Create web.xml inside WEB-INF * Update web.xml * Deleting this as its moved in to WEB-INF
2017-04-12 13:26:08 +05:30 · 2017-04-12 13:26:08 +05:30 · 0b98f0d211
commit 0b98f0d211
parent d21d7a1e2e
3 changed files with 14 additions and 6 deletions
--- a/jee7/src/main/java/com/baeldung/javaeeannotations/JavaEEAnnotationsSample/README.txt
+++ b/jee7/src/main/java/com/baeldung/javaeeannotations/JavaEEAnnotationsSample/README.txt
@ -12,8 +12,17 @@ NOTES: @WebServlet annotation designates the AccountServlet class as a Servlet c
       An initialization parameter 'type' is being set to denote the type of the bank account.
       
       @ServletSecurity annotation imposes security constraints on the AccountServlet based on
-       the tomcat-users.xml (this code assumes there is a role 'admin' in your tomcat-users.xml)
-   
+       the tomcat-users.xml.
+       
+       This code assumes that your tomcat-users.xml looks as follows:
+
+       <role rolename="Admin"/>
+       <role rolename="Member"/>
+       <role rolename="Guest"/>
+       <user username="Annie" password="admin" roles="Admin, Member, Guest" />
+       <user username="Diane" password="coder" roles="Member, Guest" />
+       <user username="Ted" password="newbie" roles="Guest" />
+   
 N.B : To see  @ServletSecurity annotation in action, please uncomment the annotation code 
      for @ServletSecurity.
      
--- a/jee7/src/main/java/com/baeldung/javaeeannotations/JavaEEAnnotationsSample/src/main/java/com/baeldung/javaeeannotations/AccountServlet.java
+++ b/jee7/src/main/java/com/baeldung/javaeeannotations/JavaEEAnnotationsSample/src/main/java/com/baeldung/javaeeannotations/AccountServlet.java
@ -17,8 +17,8 @@ import javax.servlet.http.HttpServletResponse;
  initParams = { @WebInitParam(name = "type", value = "savings") }
  )
 /*@ServletSecurity(
-  value = @HttpConstraint(rolesAllowed = {"admin"}),
-  httpMethodConstraints = {@HttpMethodConstraint(value = "POST", rolesAllowed = {"admin"})}
+  value = @HttpConstraint(rolesAllowed = {"Member"}),
+  httpMethodConstraints = {@HttpMethodConstraint(value = "POST", rolesAllowed = {"Admin"})}
  )*/
 public class AccountServlet extends javax.servlet.http.HttpServlet {

--- a/jee7/src/main/java/com/baeldung/javaeeannotations/JavaEEAnnotationsSample/src/main/webapp/WEB-INF/web.xml
+++ b/jee7/src/main/java/com/baeldung/javaeeannotations/JavaEEAnnotationsSample/src/main/webapp/WEB-INF/web.xml
@ -7,5 +7,4 @@
        <auth-method>BASIC</auth-method>
        <realm-name>default</realm-name>
    </login-config>
-
-</web-app>
+</web-app>