-
1. Re: Security roles with Struts in JBoss
stask Dec 3, 2002 11:50 AM (in response to lenisha)You can use the same configuration as for simple JSP. Struts dont care about the security configuration, so the only thing you should do is to configure web.xml and jboss-web.xml properly.
-
2. Re: Security roles with Struts in JBoss
lenisha Dec 3, 2002 2:21 PM (in response to lenisha)No somehow it's different I have no problem when I have physical path like /secured/* and all the jsps are there.
But when I have Struts with logical mappings JBoss doesn't
authenticate users and gives following log on anything ,even non-existent user:
2002-12-03 14:19:20,754 DEBUG [org.jboss.jetty.security.JBossUserRealm#eXformaDbRealm] JBossUserPrincipal: hello
2002-12-03 14:19:20,754 DEBUG [org.jboss.jetty.security.JBossUserRealm#eXformaDbRealm] authenticating: Name:hello Password:****
2002-12-03 14:19:20,754 DEBUG [org.jboss.jetty.security.JBossUserRealm#eXformaDbRealm] authenticated: hello
2002-12-03 14:19:20,754 DEBUG [org.jboss.jetty.security.JBossUserRealm#eXformaDbRealm] setting JAAS subjectAttributeName(j_subject) : null
2002-12-03 14:19:20,754 DEBUG [org.jboss.jetty.security.JBossUserRealm#eXformaDbRealm] JBossUserPrincipal: hello is in Role: Administrator
My web.xml is :
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<!-- Stxx configuration -->
<init-param>
<param-name>validating</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>rulesets</param-name>
<param-value>com.oroad.stxx.config.TransformConfigRuleSet</param-value>
</init-param>
<init-param>
<param-name>renderFactory</param-name>
<param-value>com.oroad.stxx.render.XSLRenderFactory</param-value>
</init-param>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/config/struts-config-stxx.xml</param-value>
</init-param>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/config/struts-config-stxx.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<!-- Action Servlet Mapping -->
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>restricted docs</web-resource-name>
<url-pattern>/secure/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>AuthorizedUser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>test for login</realm-name>
</login-config>
<security-role>
some role
<role-name>AuthorizedUser</role-name>
</security-role>
And struts-config.xml :
<!-- Get List of Categories -->