You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Mark Silva <ms...@authenex.com> on 2002/09/25 21:03:53 UTC
Struts Authentication Filter
hello all,
I am attempting to write an Authentication Filter (Servlet Filter) for my Stuts App. It is pretty simple so far. it just checks to see if a User has Authenticated yet (from the session), and if not calls sendRedirect on the response. code and xml below....
public void doFilter...
...
HttpSession session = request.getSession();
if(!SecurityManager.isUserAuthenticated(session))
response.sendRedirect("login.do");
else
chain.doFilter(request, response);
<filter>
<filter-name>authenticationFilter</filter-name>
<filter-class>AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>authenticationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
my question, is how i can give the filter a list of pages that are unathenticated. and to entend that idea, a list of pages that can only be authenticated by an admin. i have seen that the FilterConfig can be used to get init parameters, but these only seem to be single values. not a list of potential URLs.... does any one have a solution to this problem?
thanks,
mark
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Startup Problem
Posted by Eddie Bush <ek...@swbell.net>.
I wouldn't hazard a guess, personally. When the app is loaded and
initializes it should spit out a stack trace (this is obviously a
mistake in your config file). Find that trace and you'll find your problem.
Kalaiselvan wrote:
>Hi All,
>
>Here i'm facing serious problem..
>I already configured test application in Struts.
>
>But when I configure my original Application i face serious problem..
>
>I got an error like
>
>"No action instance for path /login could be created"
>"The server encountered an internal error (No action instance for path /login could be created) that prevented it from fulfilling this request."
>
--
Eddie Bush
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Startup Problem
Posted by Kalaiselvan <ka...@HotPOP.com>.
Hi All,
Here i'm facing serious problem..
I already configured test application in Struts.
But when I configure my original Application i face serious problem..
I got an error like
"No action instance for path /login could be created"
"The server encountered an internal error (No action instance for path /login could be created) that prevented it from fulfilling this request."
I gave my code here
struts-config.xml
--------------------
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE struts-config PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 1.0//EN"
"http://jakarta.apache.org/struts/dtds/struts-config_1_0.dtd">
<struts-config>
<form-beans>
<form-bean name="loginForm" type="com..login.LoginForm"/>
</form-beans>
<global-forwards>
<forward name="error" path="/login.jsp"/>
</global-forwards>
<action-mappings>
<action path="/login"
type="com.login.LoginAction"
name="loginForm"
scope="request"
input="/login.jsp">
<forward name="success" path="/home.jsp"/>
</action>
</action-mappings>
</struts-config>
web.xml
---------
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
<!-- Action Servlet Configuration -->
<servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<init-param>
<param-name>application</param-name>
<param-value>com.openwave.careertracks.ApplicationResources</param-value>
</init-param>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>2</param-value>
</init-param>
<init-param>
<param-name>detail</param-name>
<param-value>2</param-value>
</init-param>
<init-param>
<param-name>validate</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Action Servlet Mapping -->
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<!-- The Welcome File List -->
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
<!-- Application Tag Library Descriptor -->
<taglib>
<taglib-uri>/WEB-INF/app.tld</taglib-uri>
<taglib-location>/WEB-INF/app.tld</taglib-location>
</taglib>
<!-- Struts Tag Library Descriptors -->
<taglib>
<taglib-uri>/WEB-INF/struts-bean.tld</taglib-uri>
<taglib-location>/WEB-INF/struts-bean.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>
<taglib-location>/WEB-INF/struts-html.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>/WEB-INF/struts-logic.tld</taglib-uri>
<taglib-location>/WEB-INF/struts-logic.tld</taglib-location>
</taglib>
</web-app>
login.jsp
-----------
<%@ taglib uri='/WEB-INF/struts-template.tld' prefix='template' %>
<template:insert template='/logintemplate.jsp'>
<template:put name='title' content='Strus' direct='true'/>
<template:put name='header' content='/header.htm' />
<template:put name='content' content='/login.htm'/>
<template:put name='footer' content='/footer.htm' />
</template:insert>
login.html
------------
<form>
<table align="center" cellpadding="0" cellspacing="0">
<td class="text11bold"> Username: <input class="inbox" type="text" name="userName" value="" size="15"></td>
</tr>
<tr></tr>
<tr>
<td class="text11bold"> Password: <input class="inbox" type="password" name="password" size="15">
<a href="login.do"><img src="images/login_button.gif" border="0"></a></td></table>
</form>
Please help
where i made a mistake..
Thanx in Advance
Re: Struts Authentication Filter
Posted by Max Cooper <ma...@maxcooper.com>.
Mark,
Check out my SecurityFilter project: http://securityfilter.sourceforge.net/
The other alternative that I would suggest is using container-managed
security. SecurityFilter is designed to mimic container managed security, so
it is easy to switch back and forth if you aren't ready to decide which
approach to take. The behavior is essentially the same, and the config file
format is also extremely similar (so you can cut and paste your security
settings between the two when switching).
-Max
----- Original Message -----
From: "Mark Silva" <ms...@authenex.com>
To: "Struts Users Mailing List" <st...@jakarta.apache.org>
Sent: Wednesday, September 25, 2002 12:03 PM
Subject: Struts Authentication Filter
hello all,
I am attempting to write an Authentication Filter (Servlet Filter) for my
Stuts App. It is pretty simple so far. it just checks to see if a User has
Authenticated yet (from the session), and if not calls sendRedirect on the
response. code and xml below....
public void doFilter...
...
HttpSession session = request.getSession();
if(!SecurityManager.isUserAuthenticated(session))
response.sendRedirect("login.do");
else
chain.doFilter(request, response);
<filter>
<filter-name>authenticationFilter</filter-name>
<filter-class>AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>authenticationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
my question, is how i can give the filter a list of pages that are
unathenticated. and to entend that idea, a list of pages that can only be
authenticated by an admin. i have seen that the FilterConfig can be used to
get init parameters, but these only seem to be single values. not a list of
potential URLs.... does any one have a solution to this problem?
thanks,
mark
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Struts Authentication Filter
Posted by Developer <de...@fdplus.com>.
Have you had a chance to use http://securityfilter.sourceforge.net/
If not, check it out. I have not used it yet, but it seems like a
tremendous effort on the part of Max Cooper and the community. Let us know
how it works out for you if you use it.
----- Original Message -----
From: "Mark Silva" <ms...@authenex.com>
To: "Struts Users Mailing List" <st...@jakarta.apache.org>
Sent: Wednesday, September 25, 2002 3:03 PM
Subject: Struts Authentication Filter
hello all,
I am attempting to write an Authentication Filter (Servlet Filter) for my
Stuts App. It is pretty simple so far. it just checks to see if a User has
Authenticated yet (from the session), and if not calls sendRedirect on the
response. code and xml below....
public void doFilter...
...
HttpSession session = request.getSession();
if(!SecurityManager.isUserAuthenticated(session))
response.sendRedirect("login.do");
else
chain.doFilter(request, response);
<filter>
<filter-name>authenticationFilter</filter-name>
<filter-class>AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>authenticationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
my question, is how i can give the filter a list of pages that are
unathenticated. and to entend that idea, a list of pages that can only be
authenticated by an admin. i have seen that the FilterConfig can be used to
get init parameters, but these only seem to be single values. not a list of
potential URLs.... does any one have a solution to this problem?
thanks,
mark
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Struts Authentication Filter
Posted by "V. Cekvenich" <vi...@users.sourceforge.net>.
Container Managed Authentication does this for you declareivley in web.xml.
Explained in http://edocs.bea.com/wls/docs61/webapp/web_xml.html , part
of Servlet spec, see part on security
or
http://www.amazon.com/exec/obidos/tg/detail/-/1930110596/qid=1032983452/sr=1-1/ref=sr_1_1/103-2679655-4178264?v=glance
hth, V.
Mark Silva wrote:
> hello all,
>
> I am attempting to write an Authentication Filter (Servlet Filter) for my Stuts App. It is pretty simple so far. it just checks to see if a User has Authenticated yet (from the session), and if not calls sendRedirect on the response. code and xml below....
>
> public void doFilter...
> ...
> HttpSession session = request.getSession();
>
> if(!SecurityManager.isUserAuthenticated(session))
> response.sendRedirect("login.do");
> else
> chain.doFilter(request, response);
>
>
> <filter>
> <filter-name>authenticationFilter</filter-name>
> <filter-class>AuthenticationFilter</filter-class>
> </filter>
>
>
> <filter-mapping>
> <filter-name>authenticationFilter</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
>
> my question, is how i can give the filter a list of pages that are unathenticated. and to entend that idea, a list of pages that can only be authenticated by an admin. i have seen that the FilterConfig can be used to get init parameters, but these only seem to be single values. not a list of potential URLs.... does any one have a solution to this problem?
>
> thanks,
> mark
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>