Write a code to implement following access rules using Form based Declarative Security
Access Rules:
Student page : All can access
Faculty Page: only Faculty and admin can access
Admin Page : only Admin can access and it is accessible only via SSL (https).
C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\DS\Student.jsp
<html>
<body>
Student page
</body>
</html>
C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\DS\Faculty.jsp
<html>
<body>
Faculty page
</body>
</html>
C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\DS\Admin.jsp
<html>
<body>
Admin page
</body>
</html>
C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\DS\Login.jsp
<html>
<body>
login page
<form method="post" action ="j_security_check">
Username :
<input type="text" name="j_username" >
Password
<input type="password" name="j_password" >
<input type="submit" value="OK" >
</form>
</body>
</html>
C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\DS\Error.jsp
<html>
<body>
error Page
</body>
</html>
C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\tomcat-users.xml
<role rolename="admin"/>
<role rolename="student"/>
<role rolename="faculty"/>
<user username="stud" password="stud" roles="student" />
<user username="fac" password="fac" roles="student,faculty" />
<user username="admin" password="admin" roles="student,faculty,admin" />
C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\DS\WEB-INF\web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0"
metadata-complete="true">
<display-name>Welcome to Tomcat</display-name>
<description>
Welcome to Tomcat
</description>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Login.jsp</form-login-page>
<form-error-page>/Error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>Sensitive</web-resource-name>
<url-pattern>/Admin.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-contraint>
<transport-guarantee>
CONFIDENTIAL
</transport-guarantee>
</user-data-contraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Sensitive</web-resource-name>
<url-pattern>/Faculty.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>faculty</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Sensitive</web-resource-name>
<url-pattern>/Student.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>faculty</role-name>
<role-name>student</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>faculty</role-name>
</security-role>
<security-role>
<role-name>student</role-name>
</security-role>
</web-app>