You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by olgt <ol...@yahoo.com> on 2004/04/28 18:23:57 UTC
Re: struts action url mapping and container managed authorization - help is needed, please !!
Did anybody used struts in the container managed
authentication environment ?
--- olgt <ol...@yahoo.com> wrote:
> Greetings to all -
>
> I need to have a number of
> authentication/registration
> related actions to be available w/out container
> managed authentication. The problem is that
> ActionServlet can only have one mapping:
>
> 5.4.2 Configure the Action Servlet Mapping WARNING -
> Struts will not operate correctly if you define more
> than one <servlet-mapping> element for the
> controller
> servlet.
>
> I use extension mapping since according to 5.4.2
> Configure the Action Servlet Mapping: WARNING - If
> you
> are using the new module support in Struts 1.1, you
> should be aware that only extension mapping is
> supported.
>
> So, in web.xml I have this:
> <servlet-mapping>
> <servlet-name>action</servlet-name>
> <url-pattern>*.do</url-pattern>
> </servlet-mapping>
>
> <security-constraint>
> <web-resource-collection>
> <url-pattern>*.do</url-pattern>
> <url-pattern>/jsp/*</url-pattern>
> </web-resource-collection>
> </security-constraint>
>
> Do I have to now enumerate all of the secured
> actions
> here (instead of "*.do") in order to 'open' a few
> login/registration related ones ? What is the best
> practice to deal with this issue ?
>
> Any ideas are greatly appreciated.
> Thanks
> Pavel
>
> Note. Here is what I've tried in the past. I've
> created a new servlet and gave it a special mapping.
> This servlet gets a reference to the struts action
> servlet as
>
> ActionServlet actionServlet =
>
>
(ActionServlet)getServletContext().getAttribute(Globals.ACTION_SERVLET_KEY);
>
> and then calls doGet/doPost on it. This way I can
> use
> multiple url mappings for the struts actions.
>
> This approach helped to get access to the actions
> outside of the struts framework (straight html
> get/post).
>
> However, there is a problem with this approach.
>
> If I map my proxy servlet using prefix mapping as
> <servlet-mapping>
> <servlet-name>publicProxy</servlet-name>
> <url-pattern>/public/*</url-pattern>
> </servlet-mapping>
>
> then html:form tag
> <html:form action="/authenticate.public">
> will resolve into
> <form name="loginForm" method="post"
> action="/mycontext/public/authenticate.do">
> which will cause the container authorization check
>
> If I map my proxy servlet using extension mapping as
> <servlet-mapping>
> <servlet-name>publicProxy</servlet-name>
> <url-pattern>*.public</url-pattern>
> </servlet-mapping>
>
> then html:form tag
> <html:form action="/authenticate.public">
> will cause the exception:
> Cannot retrieve mapping for action /authenticate
>
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Win a $20,000 Career Makeover at Yahoo! HotJobs
> http://hotjobs.sweepstakes.yahoo.com/careermakeover
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> user-unsubscribe@struts.apache.org
> For additional commands, e-mail:
> user-help@struts.apache.org
>
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs
http://hotjobs.sweepstakes.yahoo.com/careermakeover
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: struts action url mapping and container managed authorization - help is needed, please !!
Posted by Niall Pemberton <ni...@blueyonder.co.uk>.
Yes
----- Original Message -----
From: "olgt" <ol...@yahoo.com>
To: "Struts Users Mailing List" <us...@struts.apache.org>
Sent: Wednesday, April 28, 2004 5:23 PM
Subject: Re: struts action url mapping and container managed authorization -
help is needed, please !!
> Did anybody used struts in the container managed
> authentication environment ?
>
> --- olgt <ol...@yahoo.com> wrote:
> > Greetings to all -
> >
> > I need to have a number of
> > authentication/registration
> > related actions to be available w/out container
> > managed authentication. The problem is that
> > ActionServlet can only have one mapping:
> >
> > 5.4.2 Configure the Action Servlet Mapping WARNING -
> > Struts will not operate correctly if you define more
> > than one <servlet-mapping> element for the
> > controller
> > servlet.
> >
> > I use extension mapping since according to 5.4.2
> > Configure the Action Servlet Mapping: WARNING - If
> > you
> > are using the new module support in Struts 1.1, you
> > should be aware that only extension mapping is
> > supported.
> >
> > So, in web.xml I have this:
> > <servlet-mapping>
> > <servlet-name>action</servlet-name>
> > <url-pattern>*.do</url-pattern>
> > </servlet-mapping>
> >
> > <security-constraint>
> > <web-resource-collection>
> > <url-pattern>*.do</url-pattern>
> > <url-pattern>/jsp/*</url-pattern>
> > </web-resource-collection>
> > </security-constraint>
> >
> > Do I have to now enumerate all of the secured
> > actions
> > here (instead of "*.do") in order to 'open' a few
> > login/registration related ones ? What is the best
> > practice to deal with this issue ?
> >
> > Any ideas are greatly appreciated.
> > Thanks
> > Pavel
> >
> > Note. Here is what I've tried in the past. I've
> > created a new servlet and gave it a special mapping.
> > This servlet gets a reference to the struts action
> > servlet as
> >
> > ActionServlet actionServlet =
> >
> >
>
(ActionServlet)getServletContext().getAttribute(Globals.ACTION_SERVLET_KEY);
> >
> > and then calls doGet/doPost on it. This way I can
> > use
> > multiple url mappings for the struts actions.
> >
> > This approach helped to get access to the actions
> > outside of the struts framework (straight html
> > get/post).
> >
> > However, there is a problem with this approach.
> >
> > If I map my proxy servlet using prefix mapping as
> > <servlet-mapping>
> > <servlet-name>publicProxy</servlet-name>
> > <url-pattern>/public/*</url-pattern>
> > </servlet-mapping>
> >
> > then html:form tag
> > <html:form action="/authenticate.public">
> > will resolve into
> > <form name="loginForm" method="post"
> > action="/mycontext/public/authenticate.do">
> > which will cause the container authorization check
> >
> > If I map my proxy servlet using extension mapping as
> > <servlet-mapping>
> > <servlet-name>publicProxy</servlet-name>
> > <url-pattern>*.public</url-pattern>
> > </servlet-mapping>
> >
> > then html:form tag
> > <html:form action="/authenticate.public">
> > will cause the exception:
> > Cannot retrieve mapping for action /authenticate
> >
> >
> >
> >
> >
> > __________________________________
> > Do you Yahoo!?
> > Win a $20,000 Career Makeover at Yahoo! HotJobs
> > http://hotjobs.sweepstakes.yahoo.com/careermakeover
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > user-unsubscribe@struts.apache.org
> > For additional commands, e-mail:
> > user-help@struts.apache.org
> >
>
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Win a $20,000 Career Makeover at Yahoo! HotJobs
> http://hotjobs.sweepstakes.yahoo.com/careermakeover
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org