You can use your preferred development environment to create a Web application that contains the JSPs to access your back-end application.
After deploying sso.war in EAServer (“Deploying the WAR file”), you can find web.xml under /Repository/WebApplication/sso/WEB-INF. of your EAServer installation.
Here is the sample web.xml file that defines a Web application called “SSO” with a single JSP in it:
<?xml version='1.0' encoding='UTF-8'?> <!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'> <web-app> <display-name>sso</display-name> <servlet> <servlet-name>SSO</servlet-name> <display-name>SingleSignon</display-name> <jsp-file>/SSO.jsp</jsp-file> </servlet> <security-constraint> <web-resource-collection> <web-resource-name>ssoZone</web-resource-name> <url-pattern>/SSO.jsp</url-pattern> <http-method>POST</http-method> <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <description>Role required to access the SSO jsp</description> <role-name>PortalUser</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name></realm-name> </login-config> <security-role> <description>Whatever</description> <role-name>PortalUser</role-name> </security-role> </web-app>
The JSP is a protected Web resource, and anyone who wants to execute it must be assigned the PortalUser role. If the Web container receives an unauthenticated request for this JSP, the Web container uses basic authentication to validate the user before verifying that the user has the PortalUser role.
