Posted to user@struts.apache.org by Jubin Kuriakose <ju...@gmail.com> on 2006/03/14 04:39:25 UTC
authentication
Hi all,
I've got to authorise a particular part of my web app. I have configured my
web.xml as follows:
> <security-constraint>
>
>   <web-resource-collection>
>     <web-resource-name>father</web-resource-name>
>     <description>Security</description>
>     <url-pattern>/father/*</url-pattern>
>     <http-method>GET</http-method>
>     <http-method>POST</http-method>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>admin</role-name>
>   </auth-constraint>
>   <user-data-constraint>
>     <transport-guarantee>NONE</transport-guarantee>
>   </user-data-constraint>
> </security-constraint>
>
> <login-config>
>   <auth-method>FORM</auth-method>
>   <form-login-config>
>     <form-login-page>/auth.do</form-login-page>
>     <form-error-page>/admin/error.jsp</form-error-page>
>   </form-login-config>
> </login-config>
> <security-role>
>   <role-name>admin</role-name>
> </security-role>
and everything works fine. The required action is called. But after being
authorised into /father/something.jsp, if I access any other page in /father
through a link, the same login action is called. Do I have to explicitly write
code to see if I am authorised, or is there any way the container can manage
this? I am using JAAS in JBoss 4.0.2.
This seems like a basic and foolish question... My real doubt is: do I have to
write the code to see if I am authorised?
Sincerely, jubs