Posted to user@struts.apache.org by Jubin Kuriakose <ju...@gmail.com> on 2006/03/14 04:39:25 UTC

authentication

Hi all,
I have to authorise a particular part of my web app. I have configured my
web.xml as follows:

>     <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>father</web-resource-name>
>             <description>Security</description>
>             <url-pattern>/father/*</url-pattern>
>             <http-method>GET</http-method>
>             <http-method>POST</http-method>
>         </web-resource-collection>
>         <auth-constraint>
>             <role-name>admin</role-name>
>         </auth-constraint>
>         <user-data-constraint>
>             <transport-guarantee>NONE</transport-guarantee>
>         </user-data-constraint>
>     </security-constraint>
>
>     <login-config>
>         <auth-method>FORM</auth-method>
>         <form-login-config>
>             <form-login-page>/auth.do</form-login-page>
>             <form-error-page>/admin/error.jsp</form-error-page>
>         </form-login-config>
>     </login-config>
>     <security-role>
>         <role-name>admin</role-name>
>     </security-role>


and everything works fine; the required action is called. But after being
authorised into /father/something.jsp, if I access any other page in /father
through a link, the same login action is called. Do I have to explicitly write
code to see if I am authorised, or is there any way the container can manage
this? I am using JAAS in JBoss 4.0.2.
This seems like a basic and foolish question... My real doubt is: do I have to
write the code to see if I am authorised?

Sincerely, jubs
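
An added illustration, not part of the original post and not JBoss code: a simplified Python model of how a servlet container evaluates the descriptor above on every request, showing that the role check for /father/* is declarative and needs no application code. The function names are made up for the example, the XML is the post's fragment wrapped in a root element so it parses, and the matching rules are reduced to the common cases of the Servlet specification.

```python
import xml.etree.ElementTree as ET

# Constructed input: the post's descriptor, trimmed and wrapped in <web-app>.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/father/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""

def pattern_matches(pattern, path):
    """Servlet url-pattern forms: path prefix (/x/*), extension (*.x), exact."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern

def required_roles(root, path, method):
    """Roles the container demands for (path, method); None if unconstrained."""
    roles = None
    for sc in root.iter("security-constraint"):
        ac = sc.find("auth-constraint")
        for wrc in sc.iter("web-resource-collection"):
            methods = [m.text.strip() for m in wrc.iter("http-method")]
            patterns = [p.text.strip() for p in wrc.iter("url-pattern")]
            # No <http-method> listed means every method is covered.
            if ac is None or (methods and method not in methods):
                continue
            if any(pattern_matches(p, path) for p in patterns):
                found = {r.text.strip() for r in ac.iter("role-name")}
                roles = (roles or set()) | found
    return roles

def form_login_without_tls(root):
    """True when FORM login is configured and nothing demands CONFIDENTIAL."""
    guarantees = {t.text.strip() for t in root.iter("transport-guarantee")}
    auth = root.findtext("login-config/auth-method", "").strip()
    return auth == "FORM" and "CONFIDENTIAL" not in guarantees

ROOT = ET.fromstring(WEB_XML)
for verb in ("GET", "POST", "PUT"):
    print(verb, "/father/other.jsp ->", required_roles(ROOT, "/father/other.jsp", verb))
```

A method not listed in `<http-method>` comes back as `None`, so the constraint as written covers only GET and POST; `form_login_without_tls` flags that the `NONE` transport guarantee does not require TLS for the login form.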