You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Sipe Informática <de...@sipeinformatica.com> on 2004/03/24 15:40:24 UTC
Using Tomcat declarative security for my app
Hi!, first of all excuse my poor english... I have this problem:
My idea for securing my app was using Tomcat, so i have two directories:
administrator and user, with their own jsp's.
In the web.xml i was pretending to do this:
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>/administrator/*.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>/user/*.do</url-pattern>
</servlet-mapping>
and protrect administrative and user directories with tomcat:
<security-constraint>
<web-resource-collection>
<web-resource-name>
Menu Administrador
</web-resource-name>
<url-pattern>
/administrator/*
</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>administrador</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>
/pagLogin.jsp
</form-login-page>
<form-error-page>
/errorLogin.jsp
</form-error-page>
</form-login-config>
</login-config>
But, even it seems to login correctly, always returns to me a 400
error (Invalid path) and I can`t access to any .do...
that <url-pattern> is correct? can i filter by /administrator/*.do? (I
have tried also by /administrator/ and returns de same message).
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org