mercredi 22 avril 2015

Securing a web application using mac address and web.xml

I would like to secure my web application so that the war can be deployed only on one machine.
I thought about setting the mac address in the web.xml file in order to check it each time the application is deployed, so how and where can I set the mac address on the web.xml?

Here's my web.xml file :

     <?xml version="1.0" encoding="UTF-8"?>  <!--"   ISO-8859-1"--> 
<web-app version="3.0" xmlns="http://ift.tt/nSRXKP" xmlns:xsi="http://ift.tt/ra1lAU" xsi:schemaLocation="http://ift.tt/nSRXKP http://ift.tt/1eWqHMP">
    <context-param>
        <param-name>com.sun.faces.writeStateAtFormEnd</param-name>
        <param-value>false</param-value>
    </context-param>
    <context-param>
        <param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
        <param-value>false</param-value>
    </context-param>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            200
        </session-timeout>
    </session-config>

    <filter>   
        <filter-name>PrimeFaces FileUpload Filter</filter-name>
        <filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class>
    </filter>

   <filter-mapping>
        <filter-name>PrimeFaces FileUpload Filter</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
   </filter-mapping>

    <security-constraint>     
        <display-name>login</display-name>     
        <web-resource-collection>         
            <web-resource-name>login</web-resource-name>         
            <description/>         
            <url-pattern>/images/*</url-pattern>
            <url-pattern>/resources/images/*</url-pattern> 
        </web-resource-collection> 
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Pages du module commerciale (role commercial)</web-resource-name>
            <url-pattern>/faces/*</url-pattern>
            <url-pattern>/faces/COMMERCIALE/*</url-pattern>
            <url-pattern>/faces/STATISTIQUES/*</url-pattern>
            <url-pattern>/faces/STOCK/*</url-pattern>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>commercial</role-name>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Pages du sous module achat</web-resource-name>
            <url-pattern>/faces/*</url-pattern>
            <url-pattern>/faces/COMMERCIALE/achat/*</url-pattern>
            <url-pattern>/faces/COMMERCIALE/article/*</url-pattern>
            <url-pattern>/faces/COMMERCIALE/fournisseur/*</url-pattern>
            <url-pattern>/faces/COMMERCIALE/OperationsCommerciales/generationPartielleachat.xhtml</url-pattern>
            <url-pattern>/faces/COMMERCIALE/OperationsCommerciales/generationachat.xhtml</url-pattern>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>achat</role-name>
            <role-name>commercial</role-name>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Pages du sous module vente</web-resource-name>
            <url-pattern>/faces/*</url-pattern>
            <url-pattern>/faces/COMMERCIALE/vente/*</url-pattern>
            <url-pattern>/faces/COMMERCIALE/article/*</url-pattern>
            <url-pattern>/faces/COMMERCIALE/client/*</url-pattern>
            <url-pattern>/faces/COMMERCIALE/OperationsCommerciales/generationPartielle.xhtml</url-pattern>
            <url-pattern>/faces/COMMERCIALE/OperationsCommerciales/generation.xhtml</url-pattern>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>vente</role-name>
            <role-name>commercial</role-name>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Pages du sous module stock</web-resource-name>
            <url-pattern>/faces/*</url-pattern>
            <url-pattern>/faces/STOCK/*</url-pattern>
            <url-pattern>/faces/COMMERCIALE/article/*</url-pattern>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>magasin</role-name>
            <role-name>commercial</role-name>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>

    <welcome-file-list>
        <welcome-file>faces/COMMERCIALE/article/detailsArticles.xhtml</welcome-file>
    </welcome-file-list>

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>Spark_Realm</realm-name>
        <form-login-config>
            <form-login-page>/menu.jsp</form-login-page>
            <form-error-page>/menuErreur.xhtml</form-error-page>
        </form-login-config>
    </login-config>

    <error-page>
        <error-code>403</error-code>
        <location>/403.xhtml</location>            
    </error-page>

    <context-param>  
        <param-name>primefaces.THEME</param-name>  

    </context-param>

</web-app>



Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)