You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Jesse Hill <je...@yahoo.com> on 2010/08/17 22:33:48 UTC
Struts, WAS, and Authentication
Hello,
I'm wondering if anybody has run in to this particular problem ...
I have two trivial applications, each having a protected "Home" action and an
accessible "Login" action. Both applications protect the home action using form
based authentication in the web.xml. The only difference between these two apps
is that one includes a struts filter and accesses the actions through struts
actions, while the other just uses JSPs with no struts and accesses Home.jsp and
Login.jsp.
There are no java classes used in the struts app, it just has config like:
<package name="default" extends="struts-default">
<action name="Home">
<result>/Home.jsp</result>
</action>
<action name="Login">
<result>/Login.jsp</result>
</action>
</package>
So - there's no code to the apps other than the JSPs, which are plain html.
Both of these apps work cleanly on WAS 6.x and 7.x. For the struts app - I've
tried several versions including 2.0.14 and 2.1.8 and I see identical results.
The problem I have is that with struts, when a user logs out of the application
and is redirected to the login page, the log fills with messages like:
[8/18/10 4:00:32:750 CST] 00000036 srt W
com.ibm.ws.webcontainer.srt.SRTServletResponse setStatus WARNING: Cannot set
status. Response already committed.
[8/18/10 4:00:32:765 CST] 00000036 srt W
com.ibm.ws.webcontainer.srt.SRTServletResponse addHeader WARNING: Cannot set
header. Response already committed.With the JSP-only version, I don't have these
warnings.
My WAS has the custom properties:
com.ibm.ws.webcontainer.assumefiltersuccessonsecurityerror=truecom.ibm.ws.webcontainer.invokefilterscompatibility=true
One last thing to note is that I run with a network deployment of WAS. I don't
seem to see these errors on a standalone WAS config.
Anybody have any ideas? I'll attach the source for both apps (7k) in case that
helps. So far google has not bailed me out.
Thanks,
Jesse