Posted to user@struts.apache.org by Ho-Ki Au <ha...@oxygensoft.com> on 2002/09/06 01:44:28 UTC
how do I integrate struts with container managed security?
I read in the mail archive that it was possible to apply container managed
security on struts action. Can someone give me an example on how this can
be done?
I have a servlet-mapping like this:
<servlet-mapping>
  <servlet-name>action</servlet-name>
  <url-pattern>*.do</url-pattern>
</servlet-mapping>
and I would like to trigger a container-managed login whenever an action is
done. Please help.
-hoki
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: how do I integrate struts with container managed security?
Posted by Phil Steitz <ph...@steitz.com>.
Ho-Ki Au wrote:
> I read in the mail archive that it was possible to apply container managed
> security on struts action. Can someone give me an example on how this can
> be done?
> I have a servlet-mapping like this:
> <servlet-mapping>
> <servlet-name>action</servlet-name>
> <url-pattern>*.do</url-pattern>
> </servlet-mapping>
>
> and I would like to trigger a container-managed login whenever an action is
> done. Please help.
> -hoki
>
Hoki,
The key thing to understand is that struts actions invoked by URLs can
be protected like any other URL resource using container-managed
security. Check out
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/realm-howto.html for a
nice description of how to set up container-managed security using
Tomcat 4.0.
Here is a very simple example using struts 1.02. In this example,
actions requiring authentication have /a/ at the start of their paths,
others do not. The URL request to the protected resource forces a login.
The constraint below forces *everything* (including HTML pages, jsps)
down the /a/ path to be authenticated. If you want to protect just the
actions, you need to modify the security constraint.
In web.xml:
<!-- Security Constraints -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Secure Area</web-resource-name>
    <url-pattern>/a/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>administrator</role-name>
    <role-name>reader</role-name>
  </auth-constraint>
</security-constraint>
In struts-config:
<!-- Register reader **non-authenticated action** -->
<action path="/register"
        type="com.steitz.library.SaveReaderAction"
        name="readerForm"
        scope="request"
        input="/Register.jsp">
  <forward name="success" path="/welcome.html"/>
  <forward name="error" path="/registrationError.jsp"/>
  <forward name="cancel" path="/registrationCancel.jsp"/>
</action>
<!-- Edit book (Update or Create) **action requires authentication** -->
<action path="/a/editBook"
        type="com.steitz.library.EditBookAction"
        name="bookForm"
        scope="request"
        input="/a/book.jsp"
        validate="false">
  <forward name="success" path="/a/editBook.jsp"/>
</action>
hth,
Phil
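
An added example, not part of the original thread: a web.xml fragment (Servlet 2.3 element order) that narrows the constraint above to the action URL only and adds the login-config and security-role declarations that accompany it in web.xml. The BASIC method and the realm name are assumptions; /a/editBook.do is the /a/editBook action under the *.do mapping from the question.

```xml
<!-- Added example: not from the original posts. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Secure Actions</web-resource-name>
    <!-- Servlet url-patterns are exact, prefix (/a/*) or extension (*.do).
         "/a/*.do" is NOT a wildcard; it is treated as an exact match
         string, so each protected action is listed by its full URL. -->
    <url-pattern>/a/editBook.do</url-pattern>
    <!-- No <http-method> elements: the constraint then covers every method.
         Listing only GET and POST would leave other methods unconstrained. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>administrator</role-name>
    <role-name>reader</role-name>
  </auth-constraint>
</security-constraint>

<!-- To require a login for every action instead, use the extension pattern
     <url-pattern>*.do</url-pattern>; that also covers /register.do. -->

<login-config>
  <auth-method>BASIC</auth-method>   <!-- assumption; FORM is the other common choice -->
  <realm-name>Library</realm-name>   <!-- assumed name -->
</login-config>

<security-role>
  <role-name>administrator</role-name>
</security-role>
<security-role>
  <role-name>reader</role-name>
</security-role>
```

With this narrower constraint, /a/book.jsp and /a/editBook.jsp are no longer covered and can be requested directly without a login; keep the /a/* constraint as well if those pages must stay protected.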