Configuring Tomcat to USe SSL

In Tomcat, the support for SSL is present, but disabled by default.
This post summarizes the steps necessary to enable the SSL support in Tomcat.
STEPS :
1) Create a self-signed public key certificate.
now to generate the certificate that will be valid for two years(730 days),execute the following command,

keytool -genkey -alias tomcat -keyalg RSA -validity 730

2) Copy the keystore file to the Tomcat installation directory
Copy the .keystore file just created from your home directory to tomcat installation directory.

3) Uncomment and edit the SSL connector entry in tomcat_dir/conf/server.xml
Look for a commented-out Connector element that has port attribute set to 8443. Remove the enclosing comment tags( ).

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
scheme="https" secure="true" clientAuth="false"
sslProtocol="TLS" keystoreFile=”mykeystore” keystorePass=”keystore” />

4) Change the main connector entry in server.xml.
<Connector port="9090" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort=”8443″ />

5) restart the server

 

Example of Basic Declarative Security

Write a code to implement following access rules using Basic Declarative Security
Access Rules:
Student page : All can access
Faculty Page: only Faculty and admin can access
Admin Page : only Admin can access and it is accessible only via SSL (https).

C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\DS\Student.jsp

<html>
<body>
Student page
</body>
</html>

C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\DS\Faculty.jsp

<html>
<body>
Faculty page
</body>
</html>

C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\DS\Admin.jsp

<html>
<body>
Admin page
</body>
</html>

C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\tomcat-users.xml

<role rolename="admin"/>
<role rolename="student"/>
<role rolename="faculty"/>

<user username="stud" password="stud" roles="student" />
<user username="fac" password="fac" roles="student,faculty" />
<user username="admin" password="admin" roles="student,faculty,admin" />

C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\DS\WEB-INF\web.xml

<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                      http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
  version="3.0"
  metadata-complete="true">  

  <display-name>Welcome to Tomcat</display-name>
  <description>
     Welcome to Tomcat
  </description>
  
	<login-config>
		<auth-method>BASIC</auth-method>
          <realm-name> Please Enter Username and Password </realm-name>
	</login-config>
	
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Sensitive</web-resource-name>
			<url-pattern>/Admin.jsp</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>admin</role-name>
		</auth-constraint>
                <user-data-contraint>
		<transport-guarantee>
			CONFIDENTIAL
		</transport-guarantee>
	       </user-data-contraint>
	</security-constraint>
	
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Sensitive</web-resource-name>
			<url-pattern>/Faculty.jsp</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>admin</role-name>
			<role-name>faculty</role-name>
		</auth-constraint>
	</security-constraint>
	
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Sensitive</web-resource-name>
			<url-pattern>/Student.jsp</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>admin</role-name>
			<role-name>faculty</role-name>
			<role-name>student</role-name>
		</auth-constraint>
	</security-constraint>
	
	<security-role>
		<role-name>admin</role-name>
	</security-role>
	<security-role>
		<role-name>faculty</role-name>
	</security-role>
	<security-role>
		<role-name>student</role-name>
	</security-role>
	
</web-app>

 

Example of Form based Declarative Security

Write a code to implement following access rules using Form based Declarative Security
Access Rules:
Student page : All can access
Faculty Page: only Faculty and admin can access
Admin Page : only Admin can access and it is accessible only via SSL (https).

C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\DS\Student.jsp

<html>
<body>
Student page
</body>
</html>

C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\DS\Faculty.jsp

<html>
<body>
Faculty page
</body>
</html>

C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\DS\Admin.jsp

<html>
<body>
Admin page
</body>
</html>

C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\DS\Login.jsp

<html>
<body>
login page
<form method="post" action ="j_security_check">
Username : 
<input type="text" name="j_username" > 
Password
<input type="password" name="j_password" > 
<input type="submit" value="OK" > 
</form>
</body>
</html>

C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\DS\Error.jsp

<html>
<body>
error Page
</body>
</html>

C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\tomcat-users.xml

<role rolename="admin"/>
<role rolename="student"/>
<role rolename="faculty"/>

<user username="stud" password="stud" roles="student" />
<user username="fac" password="fac" roles="student,faculty" />
<user username="admin" password="admin" roles="student,faculty,admin" />

C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\DS\WEB-INF\web.xml

<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                      http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
  version="3.0"
  metadata-complete="true">  

  <display-name>Welcome to Tomcat</display-name>
  <description>
     Welcome to Tomcat
  </description>
  
	<login-config>
		<auth-method>FORM</auth-method>
			<form-login-config>
				<form-login-page>/Login.jsp</form-login-page>
				<form-error-page>/Error.jsp</form-error-page>
			</form-login-config>
	</login-config>
	
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Sensitive</web-resource-name>
			<url-pattern>/Admin.jsp</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>admin</role-name>
		</auth-constraint>
                <user-data-contraint>
		<transport-guarantee>
			CONFIDENTIAL
		</transport-guarantee>
	       </user-data-contraint>
	</security-constraint>
	
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Sensitive</web-resource-name>
			<url-pattern>/Faculty.jsp</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>admin</role-name>
			<role-name>faculty</role-name>
		</auth-constraint>
	</security-constraint>
	
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Sensitive</web-resource-name>
			<url-pattern>/Student.jsp</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>admin</role-name>
			<role-name>faculty</role-name>
			<role-name>student</role-name>
		</auth-constraint>
	</security-constraint>
	
	<security-role>
		<role-name>admin</role-name>
	</security-role>
	<security-role>
		<role-name>faculty</role-name>
	</security-role>
	<security-role>
		<role-name>student</role-name>
	</security-role>
	
</web-app>

 

Basic VS Form Based Declarative Security

 

MySQL Database Connectivity without DSN

first download the jar file and put these jar file in lib folder of tomcat installation directory.

Jar file :
Download

<%@page import="java.sql.*" %>
<%
	try
	{
			Class.forName("com.mysql.jdbc.Driver");
			String url= "jdbc:mysql://localhost/Student";
          //String url = "jdbc:mysql://localhost:3306/Student";
			Connection con=DriverManager.getConnection(url,"root","");
			out.println("successfully connected");
			Statement st=con.createStatement();
			st.executeUpdate("insert into Stud values( 3,'mno')");
			out.println("successfully inserted");
			st.close();
			con.close();
		
	}
	catch(Exception e)
	{
		out.println(e);
	}
%>

 

Oracle Database Connectvity without DSN

file for Oracle Driver :
Download jar

put these jar file in lib folder of tomcat installation directory.

<%@page import="java.sql.*" %>
<%
	try
	{
			Class.forName("oracle.jdbc.driver.OracleDriver");
			String url= "jdbc:oracle:thin:scott/tiger@//192.168.0.11:1521/aitsora";
<%-- for 10g 			
String url= "jdbc:oracle:thin:system/admin@//127.0.0.1:1521/XE";  --%>
			Connection con=DriverManager.getConnection(url);
			out.println("successfully connected");
            Statement st=con.createStatement();
			st.executeUpdate("insert into Stud values( 4,'xyz')");
			out.println("successfully inserted");
			st.close();
			con.close();
	}
	catch(Exception e)
	{
		out.println(e);
	}
%>

 

Access Database Connectivity without DSN

<%@page import="java.sql.*" %>
<%
	try
	{
			Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
String url;
url= "jdbc:odbc:Driver={Microsoft Access Driver (*.mdb, *.accdb)};Dbq=D:\\Student.accdb";
			Connection con=DriverManager.getConnection(url);
			out.println("successfully connected");
			
			Statement st=con.createStatement();
			st.executeUpdate("insert into Stud values( 3,'mno')");
			out.println("successfully inserted");
				
			st.close();
			con.close();
	}
	catch(Exception e)
	{
		out.println(e);
	}
%>

 

ResultSetMetaData example

<%@page import="java.sql.*"%>
<%
		Connection con=null;
		try
		{
				Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
				String url="jdbc:odbc:mca";
				con=DriverManager.getConnection(url);
				
				out.println("successfully connected");
				Statement st=con.createStatement();
				ResultSet rs= st.executeQuery("select * from stud");
				ResultSetMetaData rsmd=rs.getMetaData();
				out.println("No of column: "+ rsmd.getColumnCount()); //2 
				out.println("Column Name: "+ rsmd.getColumnName(1));
				out.println("Column Name: "+ rsmd.getColumnName(2));
				out.println("Table Name: "+ rsmd.getTableName(1));
				out.println("Column Type: "+ rsmd.getColumnType(1));
				out.println("Column Type: "+ rsmd.getColumnTypeName(1));
				out.println("Column display size: "+ rsmd.getColumnDisplaySize(2));
		}
		catch(Exception e)
		{
			out.println(e);
		}
%>

 

DatabaseMetaData Example

<%@page import="java.sql.*"%>
<%
		Connection con=null;
		try
		{
				Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
				String url="jdbc:odbc:mca";
				con=DriverManager.getConnection(url);
				out.println("successfully connected");
				DatabaseMetaData dmd=con.getMetaData();
				out.println("Product name:"+ dmd.getDatabaseProductName());
				out.println("Product version:"+ dmd.getDatabaseProductVersion());
				out.println("Driver Name:"+ dmd.getDriverName());
				out.println("Driver version:"+ dmd.getDriverVersion()); 
				out.println("Maximum Connection :"+dmd.getMaxConnections());
		}
		catch(Exception e)
		{
			out.println(e);
		}
%>

 

Database Transaction

Transactions enable you to control if, and when, changes are applied to the database.
To enable manual- transaction support use the Connection Oject’s setAutoCommit() method.

<%@page import="java.sql.*" %>
<%
        Connection con=null;
      		try
		{
				Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
				con=DriverManager.getConnection("jdbc:odbc:studora","system","admin");
				con.setAutoCommit(false);
				Statement stmt = con.createStatement();
                String SQL = "insert into stud values(1,'abc')";
                stmt.executeUpdate(SQL);  
				String SQL = “insert into stud value(2, ‘xyz’)";
				stmt.executeUpdate(SQL);
				con.commit();
				con.close();
		}
		catch(Exception e)
		{	
			out.println(e);
			con.rollback();
		}
%>