|
Application Controlled Authentication - Tomcat & Struts
Hello All. Thanks in advance for your help.
I'm trying to implement Application controlled security in conjunction with the <security-constraint> option in web.xml. I'm using Struts 1.1 and Tomcat 5.0.24.Here's what I got. web.xml: <security-constraint> <web-resource-collection> <web-resource-name>Secure Area</web-resource-name> <url-pattern>/secure/*</url-pattern> <http-method>DELETE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/loginError.jsp</form-error-page> </form-login-config> </login-config> struts-config.xml: <form-beans> <form-bean name="LoginForm" type="forms.LoginForm"/> </form-beans> ... <action path="/Login" type="actions.LoginAction" name="LoginForm" scope="request" validate="true" input="/login.jsp"> </action> The LoginAction class takes care of authentication using the values in LoginForm successfully. My question is, if the user request something with /secure in it's path, for example, /secure/page1, how do I forward to the originally requested page after the user is authenticated successfully. Normally I would return an ActionForward object that forwards to the requested page, but I'm not sure how to figure out what the requested page is from within the LoginAction object. |
Re: Application Controlled Authentication - Tomcat & Struts
You can also try out CAS. It is available at http://www.yale.edu/tp/auth/
It is an excellent Open Source Single Sign On product. Cheers Rajesh pdtwon@ufl.edu (Antoine Diot) wrote in message news:<29df7c99.0405271509.6bd6a102@posting.google. com>... > Hello All. Thanks in advance for your help. > > I'm trying to implement Application controlled security in conjunction > with the <security-constraint> option in web.xml. I'm using Struts > 1.1 and Tomcat 5.0.24.Here's what I got. > > web.xml: > <security-constraint> > <web-resource-collection> > <web-resource-name>Secure Area</web-resource-name> > <url-pattern>/secure/*</url-pattern> > <http-method>DELETE</http-method> > <http-method>GET</http-method> > <http-method>POST</http-method> > <http-method>PUT</http-method> > </web-resource-collection> > <auth-constraint> > <role-name>admin</role-name> > </auth-constraint> > <user-data-constraint> > <transport-guarantee>NONE</transport-guarantee> > </user-data-constraint> > </security-constraint> > <login-config> > <auth-method>FORM</auth-method> > <form-login-config> > <form-login-page>/login.jsp</form-login-page> > <form-error-page>/loginError.jsp</form-error-page> > </form-login-config> > </login-config> > > struts-config.xml: > <form-beans> > <form-bean name="LoginForm" type="forms.LoginForm"/> > </form-beans> > ... > <action > path="/Login" > type="actions.LoginAction" > name="LoginForm" > scope="request" > validate="true" > input="/login.jsp"> > </action> > > The LoginAction class takes care of authentication using the values in > LoginForm successfully. My question is, if the user request something > with /secure in it's path, for example, /secure/page1, how do I > forward to the originally requested page after the user is > authenticated successfully. Normally I would return an ActionForward > object that forwards to the requested page, but I'm not sure how to > figure out what the requested page is from within the LoginAction > object. |
Re: Application Controlled Authentication - Tomcat & Struts
You can also try out CAS. It is available at http://www.yale.edu/tp/auth/
It is an excellent Open Source Single Sign On product. Cheers Rajesh pdtwon@ufl.edu (Antoine Diot) wrote in message news:<29df7c99.0405271509.6bd6a102@posting.google. com>... > Hello All. Thanks in advance for your help. > > I'm trying to implement Application controlled security in conjunction > with the <security-constraint> option in web.xml. I'm using Struts > 1.1 and Tomcat 5.0.24.Here's what I got. > > web.xml: > <security-constraint> > <web-resource-collection> > <web-resource-name>Secure Area</web-resource-name> > <url-pattern>/secure/*</url-pattern> > <http-method>DELETE</http-method> > <http-method>GET</http-method> > <http-method>POST</http-method> > <http-method>PUT</http-method> > </web-resource-collection> > <auth-constraint> > <role-name>admin</role-name> > </auth-constraint> > <user-data-constraint> > <transport-guarantee>NONE</transport-guarantee> > </user-data-constraint> > </security-constraint> > <login-config> > <auth-method>FORM</auth-method> > <form-login-config> > <form-login-page>/login.jsp</form-login-page> > <form-error-page>/loginError.jsp</form-error-page> > </form-login-config> > </login-config> > > struts-config.xml: > <form-beans> > <form-bean name="LoginForm" type="forms.LoginForm"/> > </form-beans> > ... > <action > path="/Login" > type="actions.LoginAction" > name="LoginForm" > scope="request" > validate="true" > input="/login.jsp"> > </action> > > The LoginAction class takes care of authentication using the values in > LoginForm successfully. My question is, if the user request something > with /secure in it's path, for example, /secure/page1, how do I > forward to the originally requested page after the user is > authenticated successfully. Normally I would return an ActionForward > object that forwards to the requested page, but I'm not sure how to > figure out what the requested page is from within the LoginAction > object. |
Re: Application Controlled Authentication - Tomcat & Struts
There is an alternative to using CAS (which seems promissing). Just
store the url of the requesting page in the session by default. Define a string property in the Super ActionForm to set the " frompage" in ever JSP you use (and perhaps the toPage). In this manner you always keep control on the flow. Your login-action accesses the form to retrieve the orginal page and forwards either to the login.jsp or to tthe toPage". Regards, herman ( who's incredible drunk). On 27 May 2004 16:09:53 -0700, pdtwon@ufl.edu (Antoine Diot) wrote: >Hello All. Thanks in advance for your help. > >I'm trying to implement Application controlled security in conjunction >with the <security-constraint> option in web.xml. I'm using Struts >1.1 and Tomcat 5.0.24.Here's what I got. > >web.xml: > <security-constraint> > <web-resource-collection> > <web-resource-name>Secure Area</web-resource-name> > <url-pattern>/secure/*</url-pattern> > <http-method>DELETE</http-method> > <http-method>GET</http-method> > <http-method>POST</http-method> > <http-method>PUT</http-method> > </web-resource-collection> > <auth-constraint> > <role-name>admin</role-name> > </auth-constraint> > <user-data-constraint> > <transport-guarantee>NONE</transport-guarantee> > </user-data-constraint> > </security-constraint> > <login-config> > <auth-method>FORM</auth-method> > <form-login-config> > <form-login-page>/login.jsp</form-login-page> > <form-error-page>/loginError.jsp</form-error-page> > </form-login-config> > </login-config> > >struts-config.xml: > <form-beans> > <form-bean name="LoginForm" type="forms.LoginForm"/> > </form-beans> > ... > <action > path="/Login" > type="actions.LoginAction" > name="LoginForm" > scope="request" > validate="true" > input="/login.jsp"> > </action> > >The LoginAction class takes care of authentication using the values in >LoginForm successfully. My question is, if the user request something >with /secure in it's path, for example, /secure/page1, how do I >forward to the originally requested page after the user is >authenticated successfully. Normally I would return an ActionForward >object that forwards to the requested page, but I'm not sure how to >figure out what the requested page is from within the LoginAction >object. |
Re: Application Controlled Authentication - Tomcat & Struts
On 27 May 2004 16:09:53 -0700, pdtwon@ufl.edu (Antoine Diot) wrote:
>Hello All. Thanks in advance for your help. > >I'm trying to implement Application controlled security in conjunction >with the <security-constraint> option in web.xml. I'm using Struts >1.1 and Tomcat 5.0.24.Here's what I got. > >web.xml: > <security-constraint> > <web-resource-collection> > <web-resource-name>Secure Area</web-resource-name> > <url-pattern>/secure/*</url-pattern> > <http-method>DELETE</http-method> > <http-method>GET</http-method> > <http-method>POST</http-method> > <http-method>PUT</http-method> > </web-resource-collection> > <auth-constraint> > <role-name>admin</role-name> > </auth-constraint> > <user-data-constraint> > <transport-guarantee>NONE</transport-guarantee> > </user-data-constraint> > </security-constraint> > <login-config> > <auth-method>FORM</auth-method> > <form-login-config> > <form-login-page>/login.jsp</form-login-page> > <form-error-page>/loginError.jsp</form-error-page> > </form-login-config> > </login-config> > >struts-config.xml: > <form-beans> > <form-bean name="LoginForm" type="forms.LoginForm"/> > </form-beans> > ... > <action > path="/Login" > type="actions.LoginAction" > name="LoginForm" > scope="request" > validate="true" > input="/login.jsp"> > </action> > >The LoginAction class takes care of authentication using the values in >LoginForm successfully. My question is, if the user request something >with /secure in it's path, for example, /secure/page1, how do I >forward to the originally requested page after the user is >authenticated successfully. Normally I would return an ActionForward >object that forwards to the requested page, but I'm not sure how to >figure out what the requested page is from within the LoginAction >object. |
| All times are GMT. The time now is 11:22 AM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.