Solved: Securing a web application has no effect

Former Member · ‎09-01-2015

Hello everybody,

I'm trying to secure the default root web application for Netweaver Java AS 7.31, so I try to edit the web.xml and web-j2ee-engine.xml files which are located here: j2ee/cluster/apps/sap.com/com.sap.engine.docs.examples/servlet_jsp/_default/root/WEB-INF

Anyway after editing the files in text editor and restarting the "com.sap.engine.docs.examples" application via NWA, nothing happens. Is there something wrong with the code? Why there is no security form when I try to open the application in browser?

web.xml:


<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"         
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
                             http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"         
         version="2.5"         
         xmlns="http://java.sun.com/xml/ns/javaee"> 




  <display-name>Default</display-name>




  <!-- ============================================================== -->
  <!-- SAPUI5 resource servlet used to handle application resources  -->
  <!-- ============================================================== -->
    
  <servlet>
    <servlet-name>startPage</servlet-name>
    <jsp-file>/startPage.jsp</jsp-file>
  </servlet>


  
  <!-- ============================================================== -->
  <!-- Welcome file list                                              -->
  <!-- ============================================================== -->


  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
  
  
  <!-- ============================================================== -->
  <!-- Security settings                                              -->
  <!-- ============================================================== -->


  <security-constraint>  
    <display-name>Authentication of Users</display-name>  
    <web-resource-collection>  
      <web-resource-name>Default</web-resource-name>  
      <url-pattern>*</url-pattern>  
      <http-method>GET</http-method>  
      <http-method>POST</http-method>  
    </web-resource-collection>  
    <auth-constraint> 
      <role-name>SAPUI5</role-name>
      <role-name>Admin</role-name>
    </auth-constraint>  
  </security-constraint>  


  <login-config>  
    <auth-method>FORM</auth-method>  
  </login-config>  


  <security-role>  
    <role-name>SAPUI5</role-name>
    <role-name>Admin</role-name>
  </security-role>
    


</web-app>

web-j2ee-engine.xml:


<?xml version="1.0" encoding="UTF-8"?>
<web-j2ee-engine xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="web-j2ee-engine.xsd">


  <spec-version>2.4</spec-version>

  <security-role-map>
  <role-name>SAPUI5</role-name>
                <role-name>Admin</role-name>

  </security-role-map>


  <login-module-configuration>
  <login-module-stack>
  <login-module>
  <login-module-name>EvaluateTicketLoginModule</login-module-name>
  <flag>SUFFICIENT</flag>
  </login-module>
  <login-module>
  <login-module-name>BasicPasswordLoginModule</login-module-name>
  <flag>REQUISITE</flag>
  </login-module>
  <login-module>
  <login-module-name>CreateTicketLoginModule</login-module-name>
  <flag>OPTIONAL</flag>
  </login-module>
  </login-module-stack>
  </login-module-configuration>


</web-j2ee-engine>

Former Member · ‎09-01-2015

Solved by redeploying the whole application. Is there a way to force SAP to refresh the application files without redeploying the whole application?

Securing a web application has no effect

Accepted Solutions (1)

Accepted Solutions (1)

Answers (0)

Re: Bought a new laptop and trying to install Crys...

Re: HTTP Receiver adapter with Dynamic value in UR...

How to create a rolling forecast in SAC? I have an...

In SAP Hana Cloud, do packages exist as database o...

Re: Mass Update a Zfield in Std Table with Split &...