Posted to user@struts.apache.org by Matt Raible <ma...@raibledesigns.com> on 2002/02/18 19:20:53 UTC
RE: container managed security and login action?
I was able to change the code from:
    RequestDispatcher rd = request.getRequestDispatcher(req);
    rd.forward(request, response);
To:
    response.sendRedirect(response.encodeRedirectURL(req));
And now it (kinda) works - it hits j_security_check at least. Now the
problem I am experiencing is (1) sometimes the URL w/ password shows up
in the URL, and (2) sometimes == shows up in the password, and this
causes a 500 Internal Server Error.
I am using Tomcat 4.0.1.
Thanks,
Matt
-----Original Message-----
From: Matt Raible [mailto:matt@raibledesigns.com]
Sent: Monday, February 18, 2002 10:33 AM
To: 'Michelle Popovits'
Subject: RE: container managed security and login action?
Michelle,
I tried using your sample LoginAction.java class to do what you're
doing. However, I get the following error from Tomcat:
Apache Tomcat/4.0.1 - HTTP Status 404 - /j_security_check
_____
type Status report
message /j_security_check
description The requested resource (/j_security_check) is not available.
My class is printing out the following correct values (I'm not
encrypting the password yet):
Req: 'j_security_check?j_username=admin&j_password=onpoint'
When I do this with regular container-managed authentication - it works
fine. Any ideas?
Thanks,
Matt
-----Original Message-----
From: Michelle Popovits [mailto:Michelle.Popovits@worldinsure.com]
Sent: Monday, February 18, 2002 6:37 AM
To: 'matt@raibledesigns.com'
Subject: RE: container managed security and login action?
Hi Matt,
I haven't actually been involved in the encryption part. I just provide
the place where the functionality will be added later.
Regards,
Michelle
-----Original Message-----
From: Matt Raible [mailto:matt@raibledesigns.com]
Sent: Saturday, February 16, 2002 8:08 PM
To: Michelle.Popovits@worldinsure.com
Subject: RE: container managed security and login action?
In reference to a Struts Mailing List posting at:
http://www.mail-archive.com/struts-user@jakarta.apache.org/msg22257.html
I'm wondering how you are encrypting your passwords - I have found the
following encoding routines, but apparently - they are very weak.
Thanks,
Matt
    /**
     * Encode a string using Base64 encoding
     * This is weak encoding in that anyone can use the decodeString
     * routine to reverse the encoding.
     */
    public static String encodeString(String str)
        throws IOException
    {
        sun.misc.BASE64Encoder encoder = new sun.misc.BASE64Encoder();
        String encodedStr = new String(encoder.encodeBuffer(str.getBytes()));
        return (encodedStr);
    }

    /**
     * Decode a string
     */
    public static String decodeString(String str)
        throws IOException
    {
        sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder();
        String value = new String(dec.decodeBuffer(str));
        return (value);
    }
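
An added example, not code from this thread or from the LoginAction it mentions: it shows why the Base64 routines above give no confidentiality, using the sample password quoted earlier in the thread, and contrasts them with a salted one-way hash of the kind used for stored credentials. It assumes Java 8 or later (java.util.Base64 in place of sun.misc); the class name and the PBKDF2 parameters are illustrative choices.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class EncodingIsNotEncryption {

    // Salted, iterated one-way hash; iteration count and key length are illustrative.
    static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        String password = "onpoint"; // sample value quoted in the thread

        // Base64 has no key: anyone who sees the encoded value can reverse it.
        String encoded = Base64.getEncoder()
                .encodeToString(password.getBytes(StandardCharsets.UTF_8));
        String recovered = new String(Base64.getDecoder().decode(encoded),
                StandardCharsets.UTF_8);
        System.out.println("encoded   = " + encoded);
        System.out.println("recovered = " + recovered);

        // The Base64 alphabet includes '+', '/' and '=' padding, all of which
        // have special meaning in a query string and must be percent-encoded.
        String query = "j_password=" + URLEncoder.encode(encoded, "UTF-8");
        System.out.println("query     = " + query);

        // Contrast: a salted hash cannot be decoded; a login attempt is
        // checked by recomputing the hash and comparing in constant time.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] stored = pbkdf2(password.toCharArray(), salt);
        byte[] attempt = pbkdf2("onpoint".toCharArray(), salt);
        System.out.println("hash matches = " + MessageDigest.isEqual(stored, attempt));
    }
}
```

The hash protects credentials at rest only; a password sent to j_security_check is protected in transit by TLS, not by any encoding applied to the parameter.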