«

Hello All. Thanks in advance for your help.

I'm trying to implement Application controlled security in conjunction
with the <security-constraint> option in web.xml. I'm using Struts
1.1 and Tomcat 5.0.24.Here's what I got.

web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Area</web-resource-name>
<url-pattern>/secure/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginError.jsp</form-error-page>
</form-login-config>
</login-config>

struts-config.xml:
<form-beans>
<form-bean name="LoginForm" type="forms.LoginForm"/>
</form-beans>
...
<action
path="/Login"
type="actions.LoginAction"
name="LoginForm"
scope="request"
validate="true"
input="/login.jsp">
</action>

The LoginAction class takes care of authentication using the values in
LoginForm successfully. My question is, if the user request something
with /secure in it's path, for example, /secure/page1, how do I
forward to the originally requested page after the user is
authenticated successfully. Normally I would return an ActionForward
object that forwards to the requested page, but I'm not sure how to
figure out what the requested page is from within the LoginAction
object.

You can also try out CAS. It is available at http://www.yale.edu/tp/auth/
It is an excellent Open Source Single Sign On product.

Cheers
Rajesh

(Antoine Diot) wrote in message news:<. com>...
> Hello All. Thanks in advance for your help.
>
> I'm trying to implement Application controlled security in conjunction
> with the <security-constraint> option in web.xml. I'm using Struts
> 1.1 and Tomcat 5.0.24.Here's what I got.
>
> web.xml:
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Secure Area</web-resource-name>
> <url-pattern>/secure/*</url-pattern>
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>admin</role-name>
> </auth-constraint>
> <user-data-constraint>
> <transport-guarantee>NONE</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
> <login-config>
> <auth-method>FORM</auth-method>
> <form-login-config>
> <form-login-page>/login.jsp</form-login-page>
> <form-error-page>/loginError.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
> struts-config.xml:
> <form-beans>
> <form-bean name="LoginForm" type="forms.LoginForm"/>
> </form-beans>
> ...
> <action
> path="/Login"
> type="actions.LoginAction"
> name="LoginForm"
> scope="request"
> validate="true"
> input="/login.jsp">
> </action>
>
> The LoginAction class takes care of authentication using the values in
> LoginForm successfully. My question is, if the user request something
> with /secure in it's path, for example, /secure/page1, how do I
> forward to the originally requested page after the user is
> authenticated successfully. Normally I would return an ActionForward
> object that forwards to the requested page, but I'm not sure how to
> figure out what the requested page is from within the LoginAction
> object.

You can also try out CAS. It is available at http://www.yale.edu/tp/auth/
It is an excellent Open Source Single Sign On product.

Cheers
Rajesh

(Antoine Diot) wrote in message news:<. com>...
> Hello All. Thanks in advance for your help.
>
> I'm trying to implement Application controlled security in conjunction
> with the <security-constraint> option in web.xml. I'm using Struts
> 1.1 and Tomcat 5.0.24.Here's what I got.
>
> web.xml:
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Secure Area</web-resource-name>
> <url-pattern>/secure/*</url-pattern>
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>admin</role-name>
> </auth-constraint>
> <user-data-constraint>
> <transport-guarantee>NONE</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
> <login-config>
> <auth-method>FORM</auth-method>
> <form-login-config>
> <form-login-page>/login.jsp</form-login-page>
> <form-error-page>/loginError.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
> struts-config.xml:
> <form-beans>
> <form-bean name="LoginForm" type="forms.LoginForm"/>
> </form-beans>
> ...
> <action
> path="/Login"
> type="actions.LoginAction"
> name="LoginForm"
> scope="request"
> validate="true"
> input="/login.jsp">
> </action>
>
> The LoginAction class takes care of authentication using the values in
> LoginForm successfully. My question is, if the user request something
> with /secure in it's path, for example, /secure/page1, how do I
> forward to the originally requested page after the user is
> authenticated successfully. Normally I would return an ActionForward
> object that forwards to the requested page, but I'm not sure how to
> figure out what the requested page is from within the LoginAction
> object.

There is an alternative to using CAS (which seems promissing). Just
store the url of the requesting page in the session by default.
Define a string property in the Super ActionForm to set the "
frompage" in ever JSP you use (and perhaps the toPage). In this manner
you always keep control on the flow. Your login-action accesses the
form to retrieve the orginal page and forwards either to the login.jsp
or to tthe toPage".
Regards,
herman ( who's incredible drunk).


On 27 May 2004 16:09:53 -0700, (Antoine Diot) wrote:

>Hello All. Thanks in advance for your help.
>
>I'm trying to implement Application controlled security in conjunction
>with the <security-constraint> option in web.xml. I'm using Struts
>1.1 and Tomcat 5.0.24.Here's what I got.
>
>web.xml:
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Secure Area</web-resource-name>
> <url-pattern>/secure/*</url-pattern>
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>admin</role-name>
> </auth-constraint>
> <user-data-constraint>
> <transport-guarantee>NONE</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
> <login-config>
> <auth-method>FORM</auth-method>
> <form-login-config>
> <form-login-page>/login.jsp</form-login-page>
> <form-error-page>/loginError.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
>struts-config.xml:
> <form-beans>
> <form-bean name="LoginForm" type="forms.LoginForm"/>
> </form-beans>
> ...
> <action
> path="/Login"
> type="actions.LoginAction"
> name="LoginForm"
> scope="request"
> validate="true"
> input="/login.jsp">
> </action>
>
>The LoginAction class takes care of authentication using the values in
>LoginForm successfully. My question is, if the user request something
>with /secure in it's path, for example, /secure/page1, how do I
>forward to the originally requested page after the user is
>authenticated successfully. Normally I would return an ActionForward
>object that forwards to the requested page, but I'm not sure how to
>figure out what the requested page is from within the LoginAction
>object.

On 27 May 2004 16:09:53 -0700, (Antoine Diot) wrote:

>Hello All. Thanks in advance for your help.
>
>I'm trying to implement Application controlled security in conjunction
>with the <security-constraint> option in web.xml. I'm using Struts
>1.1 and Tomcat 5.0.24.Here's what I got.
>
>web.xml:
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Secure Area</web-resource-name>
> <url-pattern>/secure/*</url-pattern>
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>admin</role-name>
> </auth-constraint>
> <user-data-constraint>
> <transport-guarantee>NONE</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
> <login-config>
> <auth-method>FORM</auth-method>
> <form-login-config>
> <form-login-page>/login.jsp</form-login-page>
> <form-error-page>/loginError.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
>struts-config.xml:
> <form-beans>
> <form-bean name="LoginForm" type="forms.LoginForm"/>
> </form-beans>
> ...
> <action
> path="/Login"
> type="actions.LoginAction"
> name="LoginForm"
> scope="request"
> validate="true"
> input="/login.jsp">
> </action>
>
>The LoginAction class takes care of authentication using the values in
>LoginForm successfully. My question is, if the user request something
>with /secure in it's path, for example, /secure/page1, how do I
>forward to the originally requested page after the user is
>authenticated successfully. Normally I would return an ActionForward
>object that forwards to the requested page, but I'm not sure how to
>figure out what the requested page is from within the LoginAction
>object.