Creating a secured Web application

Use a development environment to create a Web application that contains the JSPs that will access your back-end application.

For this example, create a Web application with one JSP—ProxyAuth.jsp. This sample secured Web application consists of ProxyAuth.jsp and the WEB-INF/web.xml that defines the Web application to the Web container.

The web.xml file looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>

<web-app>
  <display-name>ProxyAuth</display-name>
  <servlet>
    <servlet-name>ProxyAuth</servlet-name>
    <display-name>ProxyAuth</display-name>
    <jsp-file>/ProxyAuth.jsp</jsp-file>
  </servlet>
  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ProxyAuthZone</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description>Role required to access the ProxyAuth jsp</description>
      <role-name>PortalUser</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name></realm-name>
  </login-config>

  <security-role>
    <description>Whatever</description>
    <role-name>PortalUser</role-name>
  </security-role>

</web-app>

The web.xml file is saying “here is a Web application named ‘ProxyAuth’ with a single JSP in it”. The JSP is a protected Web resource; that is, users that want to execute the JSP must have the PortalUser role. When the container receives an unauthenticated request for this JSP, the container should use BASIC authentication to validate the user before checking to see if the user has the PortalUser role.
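
The following check is an added example, not part of the original page or of any product tooling. It reads the security settings of a descriptor like the one above and reports two things a reviewer would look for: a constraint that lists specific http-method elements, and BASIC or FORM login combined with a transport-guarantee of NONE. The embedded descriptor is a trimmed copy of the sample, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed input: trimmed copy of the sample descriptor's security settings.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ProxyAuthZone</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>PortalUser</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""


def elems(root, name):
    """Descendant elements called `name`, ignoring any XML namespace."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]


def texts(root, name):
    return [(e.text or "").strip() for e in elems(root, name)]


def audit(xml_text):
    root = ET.fromstring(xml_text)
    findings = []
    auth = (texts(root, "auth-method") or ["(none)"])[0]
    for sc in elems(root, "security-constraint"):
        patterns = ", ".join(texts(sc, "url-pattern"))
        methods = texts(sc, "http-method")
        if methods:  # a method list restricts the constraint to those methods
            findings.append(f"{patterns}: constraint lists only {'/'.join(methods)}; "
                            "requests using other HTTP methods are not covered")
        guarantee = (texts(sc, "transport-guarantee") or ["NONE"])[0]
        if guarantee == "NONE" and auth in ("BASIC", "FORM"):  # no TLS required
            findings.append(f"{patterns}: {auth} login with transport-guarantee NONE; "
                            "credentials can cross the network unencrypted")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(WEB_XML)))
```

Removing the http-method elements (so the constraint applies to every method) and setting transport-guarantee to CONFIDENTIAL clears both findings.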