<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
- version="3.0">
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
- <display-name>cdi</display-name>
+ <display-name>cdi</display-name>
- <!--
- There are three means to configure Wickets configuration mode and they are
- tested in the order given.
- 1) A system property: -Dwicket.configuration
- 2) servlet specific <init-param>
- 3) context specific <context-param>
- The value might be either "development" (reloading when templates change)
- or "deployment". If no configuration is found, "development" is the default.
- -->
-
- <filter>
- <filter-name>authentication</filter-name>
- <filter-class>org.wamblee.photos.security.AuthenticationFilter</filter-class>
- <init-param>
- <param-name>loginpage</param-name>
- <param-value>/login.jsp</param-value>
- </init-param>
- <!-- each authenticated user is assigned to the gruop ALL in the security realm configuration -->
- <init-param>
- <param-name>role</param-name>
- <param-value>ALL</param-value>
- </init-param>
- <!-- defines the resource URLs for which no authentication is required -->
- <init-param>
- <param-name>resources</param-name>
- <param-value>/resources</param-value>
- </init-param>
- </filter>
+ <!--
+ There are three means to configure Wickets configuration mode and they are
+ tested in the order given.
+ 1) A system property: -Dwicket.configuration
+ 2) servlet specific <init-param>
+ 3) context specific <context-param>
+ The value might be either "development" (reloading when templates change)
+ or "deployment". If no configuration is found, "development" is the default.
+ -->
- <filter>
- <filter-name>photos</filter-name>
- <filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class>
- <init-param>
- <param-name>applicationClassName</param-name>
- <param-value>org.wamblee.photos.wicket.WicketApplication</param-value>
- </init-param>
- <init-param>
- <param-name>configuration</param-name>
- <param-value>development</param-value>
- </init-param>
- </filter>
+ <filter>
+ <filter-name>authentication</filter-name>
+ <filter-class>org.wamblee.photos.security.AuthenticationFilter</filter-class>
+ <init-param>
+ <param-name>loginpage</param-name>
+ <param-value>/login.jsp</param-value>
+ </init-param>
+ <!-- each authenticated user is assigned to the gruop ALL in the security realm configuration -->
+ <init-param>
+ <param-name>role</param-name>
+ <param-value>ALL</param-value>
+ </init-param>
+ <!-- defines the resource URLs for which no authentication is required -->
+ <init-param>
+ <param-name>resources</param-name>
+ <param-value>/resources</param-value>
+ </init-param>
+ </filter>
+ <filter>
+ <filter-name>photos</filter-name>
+ <filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class>
+ <init-param>
+ <param-name>applicationClassName</param-name>
+ <param-value>org.wamblee.photos.wicket.WicketApplication</param-value>
+ </init-param>
+ <init-param>
+ <param-name>configuration</param-name>
+ <param-value>development</param-value>
+ </init-param>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>authentication</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<filter-mapping>
- <filter-name>authentication</filter-name>
- <url-pattern>/*</url-pattern>
+ <filter-name>photos</filter-name>
+ <url-pattern>/*</url-pattern>
</filter-mapping>
- <filter-mapping>
- <filter-name>photos</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
- <security-constraint>
- <web-resource-collection>
- <web-resource-name>resources</web-resource-name>
- <url-pattern>/resources/*</url-pattern>
- </web-resource-collection>
- </security-constraint>
- <security-constraint>
- <web-resource-collection>
- <web-resource-name>securedaccess</web-resource-name>
- <url-pattern>/*</url-pattern>
- </web-resource-collection>
- <auth-constraint>
- <role-name>ALL</role-name>
- <role-name>users</role-name>
- </auth-constraint>
- </security-constraint>
-
- <login-config>
- <auth-method>FORM</auth-method>
- <realm-name>PhotoXChangeRealm</realm-name>
- <form-login-config>
- <form-login-page>/login.jsp</form-login-page>
- <form-error-page>/loginError.jsp</form-error-page>
- </form-login-config>
- </login-config>
-
- <session-config>
- <session-timeout>10</session-timeout>
- </session-config>
-
- <welcome-file-list>
- <welcome-file>login.jsp</welcome-file>
- </welcome-file-list>
-
- <security-role>
- <role-name>ALL</role-name>
- </security-role>
-
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>resources</web-resource-name>
+ <url-pattern>/resources/*</url-pattern>
+ </web-resource-collection>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>securedaccess</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>ALL</role-name>
+ <role-name>users</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <realm-name>PhotoXChangeRealm</realm-name>
+ <form-login-config>
+ <form-login-page>/login.jsp</form-login-page>
+ <form-error-page>/loginError.jsp</form-error-page>
+ </form-login-config>
+ </login-config>
+
+ <error-page>
+ <error-code>404</error-code>
+ <!-- view will redirect to login if the user is not logged in -->
+ <location>/404.jsp</location>
+ </error-page>
+
+ <session-config>
+ <session-timeout>10</session-timeout>
+ </session-config>
+
+ <welcome-file-list>
+ <welcome-file>login.jsp</welcome-file>
+ </welcome-file-list>
+
+ <security-role>
+ <role-name>ALL</role-name>
+ </security-role>
+
</web-app>