Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > integration between struts and servlet auth

Reply
Thread Tools

integration between struts and servlet auth

 
 
tremalnaik@gmail.com
Guest
Posts: n/a
 
      07-29-2005
Hi everibody,
I'm using the ssl extension library for Struts (sslext) to switch
between encrypted and unencrypted pages in my webapp. Everything works
fine excerpt for the login page, which is handled by the servlet
authentication mechanism. Some excerpt from my config files follow:

------------ web.xml ------------------
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected actions and
pages</web-resource-name>
<description>no description</description>
<url-pattern>*.do</url-pattern>
<url-pattern>/index.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>TestUser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/WEB-INF/jsp/logon/logon.jsp</form-login-page>

<form-error-page>/WEB-INF/jsp/logon/logonError.jsp</form-error-page>
</form-login-config>
</login-config>

------------ web.xml ------------------

------------- struts-config.xml ------------
<action-mappings type="org.apache.struts.config.SecureActionConfig" >
<action forward="/WEB-INF/jsp/logon/logon.jsp" path="/logon" >
<set-property property="secure" value="true"/>
</action>
<action input="page.clientHome" name="accountForm"
path="/openClient" scope="session"
type="com.ciccio.pasticcio.web.actions.OpenClientA ction"
validate="true" >
<set-property property="secure" value="false"/>
</action>
</action-mappings>
.....
<controller
processorClass="org.apache.struts.action.SecureTil esRequestProcessor"
/>
<plug-in className="org.apache.struts.action.SecurePlugIn">
<set-property property="httpPort" value="8080"/>
<set-property property="httpsPort" value="8443"/>
<set-property property="enable" value="true"/>
<set-property property="addSession" value="false"/>
</plug-in>
------------- struts-config.xml ------------

First I tried adding at the top of logon.jsp these lines:

<%@ taglib uri="/WEB-INF/tld/sslext.tld" prefix="sslext"%>
<sslextageScheme secure="true" />

but when I try to access a protected url (ie.
http://localhost:8080/testapp/openClient.do) I have an error:

'The requested resource (/testapp/WEB-INF/jsp/logon/logon.jsp) is not
available.'

So I got rid of the sslext tag and I modified the web.xml
<login-config> as

<form-login-page>/logon.do</form-login-page>

Now encryption works and the logon page appears on a secure channel,
but when I push the form login button the user (while authenticated) is
not redirected to the original URL he has entered (openClient) but
remains in the login page. It seems the URL got lost by the container
because of the http -> https redirection.

I've tried with

<action include="/WEB-INF/jsp/logon/logon.jsp" path="/logon" >

but the behaviour was not changing. I tested with IE 6.0 and Firefox
1.0.4

Can anyone help me?

TREMALNAIK

 
Reply With Quote
 
 
 
 
Andrew Thompson
Guest
Posts: n/a
 
      07-29-2005
On 29 Jul 2005 04:07:36 -0700, http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:

> Hi everibody,
> I'm ..


...multi-posting. Please refrain from doing so.
<http://www.physci.org/codes/javafaq.jsp#xpost>

--
Andrew Thompson
physci.org 1point1c.org javasaver.com lensescapes.com athompson.info
See You On Some Other Channel
 
Reply With Quote
 
 
 
 
tremalnaik@gmail.com
Guest
Posts: n/a
 
      07-29-2005
Andrew Thompson wrote:
> ..multi-posting. Please refrain from doing so.
> <http://www.physci.org/codes/javafaq.jsp#xpost>


Multiposting is when the number of reposting reaches the number of 3

TREMALNAIK

 
Reply With Quote
 
Andrew Thompson
Guest
Posts: n/a
 
      07-29-2005
On 29 Jul 2005 04:47:23 -0700, (E-Mail Removed) wrote:

> Andrew Thompson wrote:
>> ..multi-posting. Please refrain from doing so.
>> <http://www.physci.org/codes/javafaq.jsp#xpost>

>
> Multiposting is when the number of reposting reaches the number of 3


- Got a reference for that? My reference is RFC 1855,
Section 3.1.3 - 'Netnews Guidelines', points 1 and 5.
<http://www.physci.org/rfc/rfc1855.jsp#3_1_3>.
You might try reading that sometime (before you next
consider multi-posting to two or more groups).

- How am I supposed to know how many groups you have posted
to. You made no reference to the other post(s) in any thread
I saw. Loan me your crystal ball?

- Given the first point, why should I care how many groups
you have mutli-posted to?

But ultimately, it seems you are saying 'it is OK to waste
people's time, so long as it is only on two groups at a time'.

Does that sum up the way you see it?

--
Andrew Thompson
physci.org 1point1c.org javasaver.com lensescapes.com athompson.info
Known To Cause Insanity In Laboratory Mice
 
Reply With Quote
 
tremalnaik@gmail.com
Guest
Posts: n/a
 
      07-29-2005
Andrew Thompson wrote:
> - Got a reference for that? My reference is RFC 1855,
> Section 3.1.3 - 'Netnews Guidelines', points 1 and 5.
> <http://www.physci.org/rfc/rfc1855.jsp#3_1_3>.
> You might try reading that sometime (before you next
> consider multi-posting to two or more groups).


ok, I don't have any RFC to refer to, but in my opinion education is a
matter of opinion, not a RFC problem. I believe that waiting people
"behind a tree" to catch them doing something we consider wrong just
for the pleasure you get in complaining reveals some kind of pestilent
thinking. I believe I was not unpolite, neither if you look my posts in
the USENET you may say I ever committed some annoying action against
noone. I just posted my question in the Help group, then, I decided the
Programmer group was better, that's all. I don't think that my
beheavior caused the wasting of anyone precious time, as the offtopic
discussion in which we are involving. I apologize .

TREMALNAIK

 
Reply With Quote
 
Andrew Thompson
Guest
Posts: n/a
 
      07-29-2005
On 29 Jul 2005 05:42:59 -0700, (E-Mail Removed) wrote:

> Andrew Thompson wrote:
>> - Got a reference for that? My reference is RFC 1855,

....
> ok, I don't have any RFC to refer to, ..


You can refer to the same one. I sure don't 'own' it.
It was formulated long before I ever posted to the
usenet news groups.

>..but in my opinion education is a matter of opinion,


Who's. Yours?

The prevailing opinion (by many contributors to the groups)
is that multi-posting is counter productive.

> ..I apologize .


...I do not feel you owe me (or anyone) an apology.

I would like to hear though, that you intend *not* to
multi-post in future.

--
Andrew Thompson
physci.org 1point1c.org javasaver.com lensescapes.com athompson.info
Featuring Gratuitous Alien Nudity
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
while integration struts with spring "Servlet action is notavailable" Amit Jain Java 1 06-13-2008 05:53 AM
windows auth and forms auth Smokey Grindle ASP .Net 1 06-08-2006 03:14 PM
Form Auth and windows int auth cs ASP .Net Security 1 04-28-2006 03:05 PM
Servlet question(Tomcat, web.xml, servlet-class, servlet-name) circuit_breaker Java 2 04-04-2004 03:26 AM
container-auth vs servlet-auth role-checking? Mark Chai Java 1 10-01-2003 06:30 PM



Advertisments