You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by "Natra, Uday" <UN...@cooksys.com> on 2001/04/13 05:50:49 UTC

J2EE security model with Struts

Hi All,
Can I use J2EE security model when using the struts framework? Like using a
form with names j_username & j_password etc etc..
Thanks,
Uday.

RE: J2EE security model with Struts

Posted by Abraham Kang <ab...@infogain.com>.

I got it working in WebLogic.  Your milage my vary but here is what I did:

1.  Added the following to web.xml:

   <!-- For some reason you need a *.html file here -->
  <welcome-file-list>
    <welcome-file>SnoopServlet.jsp, index.html</welcome-file>
  </welcome-file-list>

  <!-- Struts Tag Library Descriptors -->
  <taglib>
    <taglib-uri>/WEB-INF/struts-bean.tld</taglib-uri>
    <taglib-location>/WEB-INF/struts-bean.tld</taglib-location>
  </taglib>

  <taglib>
    <taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>
    <taglib-location>/WEB-INF/struts-html.tld</taglib-location>
  </taglib>

  <taglib>
    <taglib-uri>/WEB-INF/struts-logic.tld</taglib-uri>
    <taglib-location>/WEB-INF/struts-logic.tld</taglib-location>
  </taglib>

  <!--  Added this part  -->
  <security-constraint>
    <web-resource-collection>
       <web-resource-name>
         wlpiTest
       </web-resource-name>
	 <!-- The following pattern protect the whole web app -->
       <url-pattern>
          /*
       </url-pattern>
       <http-method>POST</http-method>
       <http-method>GET</http-method>
    </web-resource-collection>
 	 <auth-constraint>

		 <role-name>
          wlpiUsers
       </role-name>
		 <role-name>
          wlpiAdministrators
       </role-name>
    </auth-constraint>
	 <user-data-constraint>
            <description>SSL not required</description>
            <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>
       FORM
    </auth-method>
    <form-login-config>
      <form-login-page>
       /logonWebApp.jsp
      </form-login-page>
      <form-error-page>
       /invalidLogon.html
      </form-error-page>
    </form-login-config>
  </login-config>

<!-- End Added Part -->

You will need to modify parts above for your application.
The logonWebApp.jsp has action="j_security_check" and text fields named
"j_password" and "j_username".
JRun does not allow *.jsp files for the form-login-page.

2.  If you are using Weblogic you will need to install a Realm or use the
default (weblogic.properties).

3.  Type in a URL to any protected resource and verify that the Login page
comes up.

This is off the top of my head.

Hope this Helps,
Abraham

> -----Original Message-----
> From: Natra, Uday [mailto:UNatra@cooksys.com]
> Sent: Thursday, April 12, 2001 8:51 PM
> To: 'struts-user@jakarta.apache.org'
> Subject: J2EE security model with Struts
>
>
> Hi All,
> Can I use J2EE security model when using the struts framework?
> Like using a
> form with names j_username & j_password etc etc..
> Thanks,
> Uday.
>