Struts security setup!! please help
potdl Jan 14, 2005 8:55 AMHi all,
I have a problem with my struts config...
I`ve setup all the login pages and action classes, configured the Login as Form based and all the rest. but here is the problem
If leave out my security constraint settings out of my web.xml file:
<security-constraint> <web-resource-collection> <web-resource-name>action</web-resource-name> <description>Declarative security tests</description> <url-pattern>*.do</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> <!-- <http-method>HEAD</http-method> <http-method>PUT</http-method> <http-method>DELETE</http-method> --> </web-resource-collection> <!-- the role which can access these resources --> <auth-constraint> <role-name>Echo</role-name> <role-name>duke</role-name> <role-name>Java</role-name> </auth-constraint> <user-data-constraint> <description>no description</description> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/Login.jsp</form-login-page> <form-error-page>/Login_error.jsp</form-error-page> </form-login-config> </login-config>
My web app runs and i can go to the Login.jsp page through url and type in the username and password, and get full authentication and get forwarded to the welcome page. Perfect.
but as soon as i enable the above listed code, i automatically get reruited to the Login page ( which is perfect) but as soon as i enter the user name and password and press login(submit), i go back to the login page, i dont even reach my action class.
here is the login jsp :
<%@ page contentType="text/html; charset=UTF-8" %> <%@ page language="java" %> <html > <HEAD> <TITLE></TITLE> <!-- To prevent caching --> <% response.setHeader("Cache-Control","no-cache"); // HTTP 1.1 response.setHeader("Pragma","no-cache"); // HTTP 1.0 response.setDateHeader ("Expires", -1); // Prevents caching at the proxy server %> <SCRIPT type="Javascript"> function submitForm() { var frm = document. logonForm; // Check if all the required fields have been entered by the user before // submitting the form if( frm.j_username.value == "" ) { alert("Please fill in username"); frm.j_username.focus(); return ; } if( frm.j_password.value == "" ) { alert("Please fill in password"); frm.j_password.focus(); return ; } frm.submit(); } </SCRIPT> </HEAD> <BODY> <h2>Please enter login details</h2> <FORM name="logonForm" action="LogonAction.do" method="POST"> <TABLE width="100%" border="0" cellspacing="0" cellpadding= "1" bgcolor="white"> <TABLE width="100%" border="0" cellspacing= "0" cellpadding="5"> <TR align="center"> <TD align="right" class="Prompt"></TD> <TD align="left"> Username : <INPUT type="text" name="j_username" maxlength=20> </TD> </TR> <TR align="center"> <TD align="right" class="Prompt"> </TD> <TD align="left"> Password : <INPUT type="password" name="j_password" maxlength=20 > <BR> <TR align="center"> <TD align="right" class="Prompt"> </TD> <TD align="left"> <input type="submit" value="Login"> </TD> </TR> </TABLE> </FORM> </BODY> </html>.
I think the problem is that my security constaint is set to reruite everything that ends with *.do and authenticate it, so when i press submit in the login page, it reroutes me back to the login page, because i`m not authenticated??
Please if anyone can help. i`m rather stuck and this is the first time i`m doing authentication,
Thanks
Derick