Posted to issues@struts.apache.org by "Balamurugan (JIRA)" <ji...@apache.org> on 2007/08/18 11:35:34 UTC

[jira] Created: (WW-2121) I want to secure my web application using Container managed security by using Websphere Application Server 6.1. The security credentials are not propagated to the Filter class, whereas the same works 100% fine in TOMCAT server.

I want to secure my web application using Container managed security by using Websphere Application Server 6.1. The security credentials are not propagated to the Filter class, whereas the same works 100% fine in TOMCAT server.
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

                 Key: WW-2121
                 URL: https://issues.apache.org/struts/browse/WW-2121
             Project: Struts 2
          Issue Type: Bug
         Environment: Websphere Application Server 6.1
Struts 2.0.9
Rational Application Developer 7
            Reporter: Balamurugan


Hi,

I am a newbie to Struts2. I have the following issue while configuring container managed security in Struts2 with Websphere Application Server 6.1. Need urgent assistance, please.

I don't know whether this is the correct forum to post this query. If not, kindly let me know the correct forum where I can post.

Issue:
--------
I want to secure my web application using Container managed security by using Websphere Application Server 6.1. We secured all the URLs by placing a security constraint and mapping the relevant users/groups in my web.xml. But the security credentials are not propagated to the Filter class, whereas the same works 100% fine in TOMCAT server.

After configuring all the container managed security, we were able to get security credentials like remoteUser in the JSP. But when the form is submitted to the action class with the Filter as the controller, we are not able to get the remoteUser by calling request.getRemoteUser() in the Action.
What we inferred is that the UserPrincipal context in the request parameter is not available at the Filter.

Below are the entries which we have in web.xml:
	<security-constraint>
		<display-name>secconst12</display-name>
		<web-resource-collection>
			<web-resource-name>secweb1234</web-resource-name>
			<url-pattern>*.action</url-pattern>
			<url-pattern>/*</url-pattern>
			<url-pattern>*</url-pattern>
			<http-method>GET</http-method>
			<http-method>PUT</http-method>
			<http-method>HEAD</http-method>
			<http-method>TRACE</http-method>
			<http-method>POST</http-method>
			<http-method>DELETE</http-method>
			<http-method>OPTIONS</http-method>
		</web-resource-collection>
		<auth-constraint>
			<description>secAuthConst12</description>
			<role-name>secrole12</role-name>
		</auth-constraint>
	</security-constraint>
	<login-config>
		<auth-method>BASIC</auth-method>
		<realm-name>DirRealm</realm-name>
	</login-config>
	<security-role>
		<role-name>secrole12</role-name>
	</security-role>


Below are the steps we tried to get a basic idea. For that we wrote a sample Servlet and a sample Filter, configured them in our web.xml as shown below, and tested the application.

Approach 1
----------------

1) Having a Servlet as a controller. (Submit the JSP form to a Servlet)
	1) We have the following entries in web.xml:
		<servlet>
			<description></description>
			<display-name>SampleServletController</display-name>
			<servlet-name>SampleServletController</servlet-name>
			<servlet-class>com.xxx.xxx.xxx.SampleServletController</servlet-class>
		</servlet>
		<servlet-mapping>
			<servlet-name>SampleServletController</servlet-name>
			<url-pattern>*.action</url-pattern>
		</servlet-mapping>
	2) When we call request.getRemoteUser() in the servlet's doPost() method, we are able to get the remoteUser name.

Output
----------
This approach works fine in both Apache Tomcat 6.0.14 and Websphere Application Server 6.1 (i.e. we are able to get the remoteUser in the servlet's doPost() method).
	


Approach 2
----------------

2) Having a Servlet Filter as a controller. (Submit the form to a Servlet Filter)
	1) We have the following entries in web.xml:
		<filter>
			<description></description>
			<display-name>SampleFilterController</display-name>
			<filter-name>SampleFilterController</filter-name>
			<filter-class>com.xxx.xxx.xxx.SampleFilterController</filter-class>
		</filter>
		<filter-mapping>
			<filter-name>SampleFilterController</filter-name>
			<url-pattern>*.action</url-pattern>
		</filter-mapping>

Output
---------
	1) In Apache Tomcat 6.0.14, when we called request.getRemoteUser() in the Filter's doFilter() method, we got the remoteUser name.
	2) In Websphere Application Server 6.1, when we called request.getRemoteUser() in the Filter's doFilter() method, we got null.


The above scenarios clearly flag that the application works fine in TOMCAT and doesn't in the WebSphere Application Server when we have the Servlet Filter as the controller. Please let us know what is required to make it work.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
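
Added example, not part of the original report and not the reporter's SampleFilterController: a diagnostic filter that can be mapped to *.action in place of the filter from Approach 2 to record what the container exposes at the filter stage on each server. The package and class names are hypothetical; the role name secrole12 is taken from the web.xml in the report.

```java
package com.example.diag; // hypothetical package, not from the report

import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/** Logs the container-established identity as seen at the filter stage. */
public class SecurityContextProbeFilter implements Filter {
    // Role name from the <security-role> element in the reported web.xml.
    private static final String ROLE = "secrole12";
    private ServletContext ctx;

    public void init(FilterConfig config) throws ServletException {
        ctx = config.getServletContext();
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            ctx.log(describe("before chain", http));
            chain.doFilter(req, res);
            // Same request object after the rest of the chain has run.
            ctx.log(describe("after chain", http));
        } else {
            chain.doFilter(req, res);
        }
    }

    // Only identity metadata is logged; the Authorization header is never read.
    private String describe(String stage, HttpServletRequest http) {
        Principal p = http.getUserPrincipal();
        return "[probe] " + stage
                + " method=" + http.getMethod()
                + " uri=" + http.getRequestURI()
                + " authType=" + http.getAuthType()
                + " remoteUser=" + http.getRemoteUser()
                + " principal=" + (p == null ? null : p.getName())
                + " inRole(" + ROLE + ")=" + http.isUserInRole(ROLE);
    }

    public void destroy() {
        ctx = null;
    }
}
```

A null authType together with a null remoteUser means the container did not authenticate the request before the filter ran; a non-null authType with a null principal points to a propagation problem instead.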


[jira] Closed: (WW-2121) I want to secure my web application using Container managed security by using Websphere Application Server 6.1. The security credentials are not propagated to the Filter class, whereas the same works 100% fine in TOMCAT server.

Posted by "James Holmes (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/struts/browse/WW-2121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Holmes closed WW-2121.
----------------------------

    Resolution: Not A Problem

These types of questions should be asked on the Struts users mailing list:

http://struts.apache.org/mail.html
