You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Jesse Hill <je...@yahoo.com> on 2010/08/17 22:33:48 UTC

Struts, WAS, and Authentication

Hello,

I'm wondering if anybody has run in to this particular problem ...

I have two trivial applications, each having a protected "Home" action and an 
accessible "Login" action. Both applications protect the home action using form 
based authentication in the web.xml. The only difference between these two apps 
is that one includes a struts filter and accesses the actions through struts 
actions, while the other just uses JSPs with no struts and accesses Home.jsp and 
Login.jsp.

There are no java classes used in the struts app, it just has config like:

    <package name="default" extends="struts-default">
        <action name="Home">
            <result>/Home.jsp</result>
        </action>

        <action name="Login">
            <result>/Login.jsp</result>
        </action>
    </package>

So - there's no code to the apps other than the JSPs, which are plain html.

Both of these apps work cleanly on WAS 6.x and 7.x. For the struts app - I've 
tried several versions including 2.0.14 and 2.1.8 and I see identical results. 


The problem I have is that with struts, when a user logs out of the application 
and is redirected to the login page, the log fills with messages like:

[8/18/10 4:00:32:750 CST] 00000036 srt           W 
com.ibm.ws.webcontainer.srt.SRTServletResponse setStatus WARNING: Cannot set 
status. Response already committed.
[8/18/10 4:00:32:765 CST] 00000036 srt           W 
com.ibm.ws.webcontainer.srt.SRTServletResponse addHeader WARNING: Cannot set 
header. Response already committed.With the JSP-only version, I don't have these 
warnings.

My WAS has the custom properties:
 com.ibm.ws.webcontainer.assumefiltersuccessonsecurityerror=truecom.ibm.ws.webcontainer.invokefilterscompatibility=true

One last thing to note is that I run with a network deployment of WAS. I don't 
seem to see these errors on a standalone WAS config.

Anybody have any ideas? I'll attach the source for both apps (7k) in case that 
helps. So far google has not bailed me out.

Thanks,
Jesse