2 Replies Latest reply on Dec 3, 2002 2:21 PM by lenisha

Security roles with Struts in JBoss

lenisha Dec 3, 2002 10:46 AM

Hello all,
I have succeeded to configure DB security realm for JBoss container it works for simple JSP solution,

Bu I have problems to make it work with Struts !

Could anybody please be so kind and post here an example
how to configure Struts to use Container Managed Roles.

And post here your web.xml ans struts-config.xml ?

Thank you very much

1. Re: Security roles with Struts in JBoss

stask Dec 3, 2002 11:50 AM (in response to lenisha)

You can use the same configuration as for simple JSP. Struts dont care about the security configuration, so the only thing you should do is to configure web.xml and jboss-web.xml properly.
Actions
2. Re: Security roles with Struts in JBoss

lenisha Dec 3, 2002 2:21 PM (in response to lenisha)

No somehow it's different I have no problem when I have physical path like /secured/* and all the jsps are there.

But when I have Struts with logical mappings JBoss doesn't
authenticate users and gives following log on anything ,even non-existent user:

2002-12-03 14:19:20,754 DEBUG [org.jboss.jetty.security.JBossUserRealm#eXformaDbRealm] JBossUserPrincipal: hello
2002-12-03 14:19:20,754 DEBUG [org.jboss.jetty.security.JBossUserRealm#eXformaDbRealm] authenticating: Name:hello Password:****
2002-12-03 14:19:20,754 DEBUG [org.jboss.jetty.security.JBossUserRealm#eXformaDbRealm] authenticated: hello
2002-12-03 14:19:20,754 DEBUG [org.jboss.jetty.security.JBossUserRealm#eXformaDbRealm] setting JAAS subjectAttributeName(j_subject) : null
2002-12-03 14:19:20,754 DEBUG [org.jboss.jetty.security.JBossUserRealm#eXformaDbRealm] JBossUserPrincipal: hello is in Role: Administrator

My web.xml is :

<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>

<init-param>
<param-name>validating</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>rulesets</param-name>
<param-value>com.oroad.stxx.config.TransformConfigRuleSet</param-value>
</init-param>
<init-param>
<param-name>renderFactory</param-name>
<param-value>com.oroad.stxx.render.XSLRenderFactory</param-value>
</init-param>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/config/struts-config-stxx.xml</param-value>
</init-param>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/config/struts-config-stxx.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>


<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>

<security-constraint>
<web-resource-collection>
<web-resource-name>restricted docs</web-resource-name>
<url-pattern>/secure/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>

<auth-constraint>
<role-name>AuthorizedUser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>test for login</realm-name>
</login-config>
<security-role>
some role
<role-name>AuthorizedUser</role-name>
</security-role>

And struts-config.xml :

Actions

Go to original post