You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Rajendra Kadam <ra...@cisco.com> on 2003/04/04 02:23:09 UTC
How to do authentication in different way for different action classes
Hi,
In our application,
I don't want to do authentication to first action class ( welcome.do )
But at the same time, I want to do authetication for all other action
classes.
Initally my web.xml was looking like this
<servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
......
</servlet>
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
But the disadvantage of doing this way, is that Authentication Dialog
box comes up for welcome.do also. Which I don't want.
Hence right now I'm putting all action classes for which authentication
is required into url-pattern as shown below :
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>/abc.do</url-pattern>
<url-pattern>/xya.do</url-pattern>
<url-pattern>/sdabc.do</url-pattern>
......
</servlet-mapping>
Since I had not mentioned, welcome.do in above place, it doesn't do
authentication for it.
Dis-advantage of doing this is everytime I added new Action class, I
have to make the entry into this url-pattern.
Is there any better way of doing this ?
TIA,
raju
Re: How to do authentication in different way for different action classes
Posted by Max Cooper <ma...@maxcooper.com>.
You should keep *.do for your servlet mapping.
Assuming you are using container-managed security, you can do something like
this for your security constraints:
<security-constraint>
<web-resource-collection>
<web-resource-name>Secured Resources</web-resource-name>
<url-pattern>*.do</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>strutsuser</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Public Resources</web-resource-name>
<url-pattern>/welcome.do</url-pattern>
</web-resource-collection>
</security-constraint>
The servlet spec requires that "exact" patterns like /welcome.do should be
matched before "extension" patterns like *.do. So, requests for /welcome.do
will match the security constraint that doesn't have any role requirements,
rather than the one that does.
-Max
----- Original Message -----
From: "Rajendra Kadam" <ra...@cisco.com>
To: "Struts-User" <st...@jakarta.apache.org>
Sent: Thursday, April 03, 2003 4:23 PM
Subject: How to do authentication in different way for different action
classes
> Hi,
>
> In our application,
>
> I don't want to do authentication to first action class ( welcome.do )
> But at the same time, I want to do authetication for all other action
> classes.
>
> Initally my web.xml was looking like this
>
> <servlet>
> <servlet-name>action</servlet-name>
>
> <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
> ......
> </servlet>
>
> <servlet-mapping>
> <servlet-name>action</servlet-name>
> <url-pattern>*.do</url-pattern>
> </servlet-mapping>
>
> But the disadvantage of doing this way, is that Authentication Dialog
> box comes up for welcome.do also. Which I don't want.
>
> Hence right now I'm putting all action classes for which authentication
> is required into url-pattern as shown below :
>
> <servlet-mapping>
> <servlet-name>action</servlet-name>
> <url-pattern>/abc.do</url-pattern>
> <url-pattern>/xya.do</url-pattern>
> <url-pattern>/sdabc.do</url-pattern>
> ......
> </servlet-mapping>
>
> Since I had not mentioned, welcome.do in above place, it doesn't do
> authentication for it.
>
> Dis-advantage of doing this is everytime I added new Action class, I
> have to make the entry into this url-pattern.
>
> Is there any better way of doing this ?
>
> TIA,
> raju
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org