Posted to user@beehive.apache.org by "McClure, Doug " <DM...@tiaa-cref.org> on 2008/03/19 21:59:26 UTC

Problem with rolesAllowed and directory only URLs

I am working with Beehive 1.0.1 and I'm running up against a problem
with the rolesAllowed attribute.

Everything works fine, in that users are prevented from accessing pages
when a URL is specified as http://server/app/admin/editRule.do.  But if
I go to http://server/app/admin/ directly it skips that role check and
just displays me the main page.  I've tried all manner of different
setups for my begin action method, but I just cannot get the security
stuff to trigger.

I never did role-based security with Struts, so I've no experience with
how to solve it there.

Any ideas?

Doug McClure
Senior Consultant
Adroit Software, Inc
SSC, Bldg 8625, E4-S4
704-988-4634 / 8926-4634

********************************************************************************************
This message, including any attachments, contains confidential information intended 
for a specific individual and purpose, and is protected by law. If you are not the intended 
recipient, please contact the sender immediately by reply e-mail and destroy all copies.
You are hereby notified that any disclosure, copying, or distribution of this message, or
the taking of any action based on it, is strictly prohibited.

TIAA-CREF
********************************************************************************************

Solved RE: Problem with rolesAllowed and directory only URLs

Posted by "McClure, Doug " <DM...@tiaa-cref.org>.
I solved my own problem.  After countless hours trying to solve this, a
little brain jogging by a co-worker made me stumble across the fact that
just hitting .../admin/ wasn't actually triggering my begin action,
which is what I thought it was doing.  It was in fact just going
straight to the index.jsp (which begin points to) which was being
controlled by the welcome-file-list.  Adding
<welcome-file>begin.do</welcome-file> to the beginning of that list
makes sure that I actually trigger my begin action and the role
authorization along with it.
 
Doug McClure
Senior Consultant
Adroit Software, Inc
SSC, Bldg 8625, E4-S4
704-988-4634 / 8926-4634
 

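An added example, not part of the original posts or of Beehive's own code: a small Python check that reads a web.xml and lists the welcome files a directory URL would reach before any action, which is the situation the second message describes. The `.do` suffix convention, the two sample descriptors and the function names are assumptions constructed for illustration, and the check assumes the container tries welcome files in the order they are listed.

```python
import xml.etree.ElementTree as ET

ACTION_SUFFIX = ".do"  # assumption: actions are mapped to *.do, as in the post's URLs

# Constructed sample: only a JSP is listed, so /admin/ serves it directly.
BEFORE = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
</web-app>"""

# Constructed sample: the fix from the post, begin.do placed first in the list.
AFTER = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <welcome-file-list>
    <welcome-file>begin.do</welcome-file>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
</web-app>"""

def local(tag):
    """Strip the XML namespace so namespaced and plain descriptors parse alike."""
    return tag.rsplit("}", 1)[-1]

def welcome_files(web_xml):
    """Return the <welcome-file> entries of a web.xml string, in declared order."""
    root = ET.fromstring(web_xml)
    return [(el.text or "").strip()
            for wl in root.iter() if local(wl.tag) == "welcome-file-list"
            for el in wl if local(el.tag) == "welcome-file"]

def audit(web_xml):
    """List welcome files that come ahead of the first action entry.

    Such pages can be returned for a directory URL without the begin action,
    and so without its rolesAllowed check, ever running.
    """
    files = welcome_files(web_xml)
    if not files:
        return ["(no welcome-file-list: container defaults apply)"]
    direct = []
    for name in files:
        if name.endswith(ACTION_SUFFIX):
            break  # an action is reached first from here on
        direct.append(name)
    return direct

if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        print(label, "served without an action:", audit(doc) or "none")
```

An empty result means an action is the first welcome file; any name returned is a page to review for direct access.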