You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Martin Alley <ma...@ntlworld.com> on 2004/03/27 09:27:11 UTC

RE: How does ActionForm data pass through container called form based login page?

FYI...

I've done a simple test with no struts involved, and the post data still
fails to pass through ok.

It's basicly 3 files
Index.html links to form.html
Form.html posts to process.jsp

Both form.html and process.jsp are protected, though interestingly the
login page only comes up when submitting the form (ie. Already in
form.html) - I don't know if this is my mistake or another bug.

Included files are the test - based on JBoss 3.2.3 with tomcat4.1
embedded.

Martin

Index.html
<html>
<body>
		<a href="form.html">form</a>
</body>
</html>

form.html
<html>
	<body>
		<form action="process.jsp" method="post">
			<input type="text" name="text1"/>
			<input type="submit" value="OK"/>
		</form>
	</body>
</html>

login.html
<html>
<body>
<h4>Please login:</h4>
<form method="POST" action="j_security_check">
<input type="text" name="j_username">
<input type="password" name="j_password">
<input type="submit" value="OK">
</form>
</body>
</html>

process.jsp
<html>
<body>
text1=<%=request.getParameter("text1")%>
</body>
</html>

WEB-INF\web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application
2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app >


   <session-config>
      <session-timeout>2</session-timeout>
   </session-config>

 <security-constraint>
    <web-resource-collection>
      <web-resource-name>Signon</web-resource-name>
      <description>Declarative security tests</description>
      <url-pattern>/form.html</url-pattern>
      <url-pattern>/process.jsp</url-pattern>
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>customer</role-name>
      <role-name>merchant</role-name>
      <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <description>no description</description>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
		<form-login-page>/login.html</form-login-page>
		<form-error-page>/login.html</form-error-page>
</form-login-config>
  </login-config>

  </web-app>

WEB-INF\jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3//EN"
"http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd">

<jboss-web>

   <security-domain>java:/jaas/authtest</security-domain>

   <!-- Resource Environment References -->

   <!-- Resource references -->

   <!-- EJB References -->

</jboss-web>




---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org