2 Replies Latest reply on Dec 3, 2002 2:21 PM by Elena Neroslavskaya

    Security roles with Struts in JBoss

    Elena Neroslavskaya Newbie

      Hello all,
      I have succeeded to configure DB security realm for JBoss container it works for simple JSP solution,

      Bu I have problems to make it work with Struts !

      Could anybody please be so kind and post here an example
      how to configure Struts to use Container Managed Roles.

      And post here your web.xml ans struts-config.xml ?

      Thank you very much

        • 1. Re: Security roles with Struts in JBoss
          StasK Newbie

          You can use the same configuration as for simple JSP. Struts dont care about the security configuration, so the only thing you should do is to configure web.xml and jboss-web.xml properly.

          • 2. Re: Security roles with Struts in JBoss
            Elena Neroslavskaya Newbie

            No somehow it's different I have no problem when I have physical path like /secured/* and all the jsps are there.

            But when I have Struts with logical mappings JBoss doesn't
            authenticate users and gives following log on anything ,even non-existent user:

            2002-12-03 14:19:20,754 DEBUG [org.jboss.jetty.security.JBossUserRealm#eXformaDbRealm] JBossUserPrincipal: hello
            2002-12-03 14:19:20,754 DEBUG [org.jboss.jetty.security.JBossUserRealm#eXformaDbRealm] authenticating: Name:hello Password:****
            2002-12-03 14:19:20,754 DEBUG [org.jboss.jetty.security.JBossUserRealm#eXformaDbRealm] authenticated: hello
            2002-12-03 14:19:20,754 DEBUG [org.jboss.jetty.security.JBossUserRealm#eXformaDbRealm] setting JAAS subjectAttributeName(j_subject) : null
            2002-12-03 14:19:20,754 DEBUG [org.jboss.jetty.security.JBossUserRealm#eXformaDbRealm] JBossUserPrincipal: hello is in Role: Administrator



            My web.xml is :

            <servlet-name>action</servlet-name>
            <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
            <!-- Stxx configuration -->
            <init-param>
            <param-name>validating</param-name>
            <param-value>false</param-value>
            </init-param>
            <init-param>
            <param-name>rulesets</param-name>
            <param-value>com.oroad.stxx.config.TransformConfigRuleSet</param-value>
            </init-param>
            <init-param>
            <param-name>renderFactory</param-name>
            <param-value>com.oroad.stxx.render.XSLRenderFactory</param-value>
            </init-param>
            <init-param>
            <param-name>config</param-name>
            <param-value>/WEB-INF/config/struts-config-stxx.xml</param-value>
            </init-param>
            <init-param>
            <param-name>config</param-name>
            <param-value>/WEB-INF/config/struts-config-stxx.xml</param-value>
            </init-param>
            <load-on-startup>1</load-on-startup>


            <!-- Action Servlet Mapping -->
            <servlet-mapping>
            <servlet-name>action</servlet-name>
            <url-pattern>*.do</url-pattern>
            </servlet-mapping>

            <security-constraint>
            <web-resource-collection>
            <web-resource-name>restricted docs</web-resource-name>
            <url-pattern>/secure/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            </web-resource-collection>

            <auth-constraint>
            <role-name>AuthorizedUser</role-name>
            </auth-constraint>
            <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
            </security-constraint>
            <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>test for login</realm-name>
            </login-config>
            <security-role>
            some role
            <role-name>AuthorizedUser</role-name>
            </security-role>


            And struts-config.xml :
            <!-- Get List of Categories -->