You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Anet <fi...@yahoo.com> on 2008/06/01 12:20:11 UTC

login problem

Hi
I have a problem with "security-constraint" in tomcat 5.5. I use struts 1.2.
when we used tomcat 4.1.29, there were no problem with pages needed login.
with tomcat 5.5.17, I had to put role-names into my web.xml file to solve login problem.
But now I have another problem. 
I have a form... needs login to be accessed.
the user logins successfully.the form is shown to him.
(in the code, saveToken() called )
now he fills the form,but leaves his work,=&gt;his session expired...
the user comes back.puts the submit button and redirects to login page.
he logins...and the process of submit should be done.
(in the code, isTokenValid(Request) called and returns false....)
it is expected to continue the process...
I didn't have this problem while using tomcat 4.1 .
Would you mind help me for it? I have no idea...
thanks.
Anet.

Re: login problem

Posted by Diny <di...@visiontss.com>.

hi...

              I had to put role-names into my web.xml file to solve login
problem. you mentioned in ur post.. i would like to know how it is possible
and how come you are saying tat it will reduce the login problem.. if u dont
mind reply me as soon as possible.....





Anet-2 wrote:
> 
> Hi
> I have a problem with "security-constraint" in tomcat 5.5. I use struts
> 1.2.
> when we used tomcat 4.1.29, there were no problem with pages needed login.
> with tomcat 5.5.17, I had to put role-names into my web.xml file to solve
> login problem.
> But now I have another problem. 
> I have a form... needs login to be accessed.
> the user logins successfully.the form is shown to him.
> (in the code, saveToken() called )
> now he fills the form,but leaves his work,=&gt;his session expired...
> the user comes back.puts the submit button and redirects to login page.
> he logins...and the process of submit should be done.
> (in the code, isTokenValid(Request) called and returns false....)
> it is expected to continue the process...
> I didn't have this problem while using tomcat 4.1 .
> Would you mind help me for it? I have no idea...
> thanks.
> Anet.
> 
> 
>       
> 

-- 
View this message in context: http://www.nabble.com/login-problem-tp17584175p20495105.html
Sent from the Struts - User mailing list archive at Nabble.com.

Re: login problem

Posted by Anet <fi...@yahoo.com>.

Hi;
Thank you Laurie.
It works if&nbsp;I take out the saveToken / isTokenValid 
stuff?&nbsp;The login process works correctly and it comes to my action class.
But I&nbsp;won't be able to control duplicate submission.&nbsp;
&nbsp;
Anet.

--- On Tue, 6/3/08, Laurie Harper &lt;laurie@holoweb.net&gt; wrote:

From: Laurie Harper &lt;laurie@holoweb.net&gt;
Subject: Re: login problem
To: user@struts.apache.org
Date: Tuesday, June 3, 2008, 12:16 PM

Anet wrote:
&gt; Hi
&gt; I have a problem with "security-constraint" in tomcat 5.5. I use
struts 1.2.
&gt; when we used tomcat 4.1.29, there were no problem with pages needed login.
&gt; with tomcat 5.5.17, I had to put role-names into my web.xml file to solve
login problem.
&gt; But now I have another problem. 
&gt; I have a form... needs login to be accessed.
&gt; the user logins successfully.the form is shown to him.
&gt; (in the code, saveToken() called )
&gt; now he fills the form,but leaves his work,=&amp;gt;his session expired...
&gt; the user comes back.puts the submit button and redirects to login page.
&gt; he logins...and the process of submit should be done.
&gt; (in the code, isTokenValid(Request) called and returns false....)
&gt; it is expected to continue the process...
&gt; I didn't have this problem while using tomcat 4.1 .
&gt; Would you mind help me for it? I have no idea...

If I understand you correctly, you are using container managed security 
and seeing an inconsistency in behaviour between Tomcat 4.1.29 and 
5.5.17. Struts is not involved in CMS processing in any way, so I would 
suspect a Tomcat and/or configuration problem.

Does it work as you expect if you take out the saveToken / isTokenValid 
stuff? If that fixes the problem, there may be Struts-related issue 
here. Otherwise, you should probably pursue this on the Tomcat forums.

L.


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: login problem

Posted by Laurie Harper <la...@holoweb.net>.

Anet wrote:
> Hi
> I have a problem with "security-constraint" in tomcat 5.5. I use struts 1.2.
> when we used tomcat 4.1.29, there were no problem with pages needed login.
> with tomcat 5.5.17, I had to put role-names into my web.xml file to solve login problem.
> But now I have another problem. 
> I have a form... needs login to be accessed.
> the user logins successfully.the form is shown to him.
> (in the code, saveToken() called )
> now he fills the form,but leaves his work,=&gt;his session expired...
> the user comes back.puts the submit button and redirects to login page.
> he logins...and the process of submit should be done.
> (in the code, isTokenValid(Request) called and returns false....)
> it is expected to continue the process...
> I didn't have this problem while using tomcat 4.1 .
> Would you mind help me for it? I have no idea...

If I understand you correctly, you are using container managed security 
and seeing an inconsistency in behaviour between Tomcat 4.1.29 and 
5.5.17. Struts is not involved in CMS processing in any way, so I would 
suspect a Tomcat and/or configuration problem.

Does it work as you expect if you take out the saveToken / isTokenValid 
stuff? If that fixes the problem, there may be Struts-related issue 
here. Otherwise, you should probably pursue this on the Tomcat forums.

L.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org