Re: Struts 2 Container Security problem

[pblatner <pb...@gmail.com>]

I have tried to do the exact thing that Jeromy suggests below with 2
packages.  And then in the web.xml specify a security constraint with the
URL pattern "/protected/*".  After doing so, I am not getting the result
that I think I should be.

When issuing a request for my action at
"http://localhost/MyApp/protected/HomeAction", the container is not
intercepting and challenging me with my logon.html page.

Anyone know why this isn't working?  

The struts 2 servlet-filter pattern is "/*".  It seems pretty obvious that
the struts 2 servlet filter is responding to the first part of the URL:
"http://localhost/MyApp/*" and the container isn't seeing that as a secured
resource.

Am I missing a configuration pattern somewhere that tells the container to
inspect the full URL before allowing the servlet filter to process it?

My deployment environment is WebSphere 6.1.  Are there any incompatibilities
between WebSphere 6.1 and struts 2 that could be causing this?

Thanks,
Pete.


Jeromy Evans - Blue Sky Minds wrote:
> 
> In struts.xml, the namespace given to your package needs be in 
> /protected as well.
> eg. <package name="myPackage" namespace="/protected">
> Otherwise, as you've seen, it's available in the root of the 
> application's context path.
> 
> I usually split my struts2 application into at least two packages:
> <package name="public" namespace="/"> ...
> <package name="secure" namespace="/protected">
> 

-- 
View this message in context: http://www.nabble.com/Struts-2-Container-Security-problem-tp15571409p22547426.html
Sent from the Struts - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org