Application Controlled Authentication - Tomcat & Struts

Discussion in 'Java' started by Antoine Diot, May 28, 2004.

  1. Antoine Diot

    Antoine Diot Guest

    Hello All. Thanks in advance for your help.

    I'm trying to implement Application controlled security in conjunction
    with the <security-constraint> option in web.xml. I'm using Struts
    1.1 and Tomcat 5.0.24.Here's what I got.

    web.xml:
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Secure Area</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
    </login-config>

    struts-config.xml:
    <form-beans>
    <form-bean name="LoginForm" type="forms.LoginForm"/>
    </form-beans>
    ...
    <action
    path="/Login"
    type="actions.LoginAction"
    name="LoginForm"
    scope="request"
    validate="true"
    input="/login.jsp">
    </action>

    The LoginAction class takes care of authentication using the values in
    LoginForm successfully. My question is, if the user request something
    with /secure in it's path, for example, /secure/page1, how do I
    forward to the originally requested page after the user is
    authenticated successfully. Normally I would return an ActionForward
    object that forwards to the requested page, but I'm not sure how to
    figure out what the requested page is from within the LoginAction
    object.
     
    Antoine Diot, May 28, 2004
    #1
    1. Advertising

  2. You can also try out CAS. It is available at http://www.yale.edu/tp/auth/
    It is an excellent Open Source Single Sign On product.

    Cheers
    Rajesh

    (Antoine Diot) wrote in message news:<>...
    > Hello All. Thanks in advance for your help.
    >
    > I'm trying to implement Application controlled security in conjunction
    > with the <security-constraint> option in web.xml. I'm using Struts
    > 1.1 and Tomcat 5.0.24.Here's what I got.
    >
    > web.xml:
    > <security-constraint>
    > <web-resource-collection>
    > <web-resource-name>Secure Area</web-resource-name>
    > <url-pattern>/secure/*</url-pattern>
    > <http-method>DELETE</http-method>
    > <http-method>GET</http-method>
    > <http-method>POST</http-method>
    > <http-method>PUT</http-method>
    > </web-resource-collection>
    > <auth-constraint>
    > <role-name>admin</role-name>
    > </auth-constraint>
    > <user-data-constraint>
    > <transport-guarantee>NONE</transport-guarantee>
    > </user-data-constraint>
    > </security-constraint>
    > <login-config>
    > <auth-method>FORM</auth-method>
    > <form-login-config>
    > <form-login-page>/login.jsp</form-login-page>
    > <form-error-page>/loginError.jsp</form-error-page>
    > </form-login-config>
    > </login-config>
    >
    > struts-config.xml:
    > <form-beans>
    > <form-bean name="LoginForm" type="forms.LoginForm"/>
    > </form-beans>
    > ...
    > <action
    > path="/Login"
    > type="actions.LoginAction"
    > name="LoginForm"
    > scope="request"
    > validate="true"
    > input="/login.jsp">
    > </action>
    >
    > The LoginAction class takes care of authentication using the values in
    > LoginForm successfully. My question is, if the user request something
    > with /secure in it's path, for example, /secure/page1, how do I
    > forward to the originally requested page after the user is
    > authenticated successfully. Normally I would return an ActionForward
    > object that forwards to the requested page, but I'm not sure how to
    > figure out what the requested page is from within the LoginAction
    > object.
     
    Rajesh Tihari, May 28, 2004
    #2
    1. Advertising

  3. You can also try out CAS. It is available at http://www.yale.edu/tp/auth/
    It is an excellent Open Source Single Sign On product.

    Cheers
    Rajesh

    (Antoine Diot) wrote in message news:<>...
    > Hello All. Thanks in advance for your help.
    >
    > I'm trying to implement Application controlled security in conjunction
    > with the <security-constraint> option in web.xml. I'm using Struts
    > 1.1 and Tomcat 5.0.24.Here's what I got.
    >
    > web.xml:
    > <security-constraint>
    > <web-resource-collection>
    > <web-resource-name>Secure Area</web-resource-name>
    > <url-pattern>/secure/*</url-pattern>
    > <http-method>DELETE</http-method>
    > <http-method>GET</http-method>
    > <http-method>POST</http-method>
    > <http-method>PUT</http-method>
    > </web-resource-collection>
    > <auth-constraint>
    > <role-name>admin</role-name>
    > </auth-constraint>
    > <user-data-constraint>
    > <transport-guarantee>NONE</transport-guarantee>
    > </user-data-constraint>
    > </security-constraint>
    > <login-config>
    > <auth-method>FORM</auth-method>
    > <form-login-config>
    > <form-login-page>/login.jsp</form-login-page>
    > <form-error-page>/loginError.jsp</form-error-page>
    > </form-login-config>
    > </login-config>
    >
    > struts-config.xml:
    > <form-beans>
    > <form-bean name="LoginForm" type="forms.LoginForm"/>
    > </form-beans>
    > ...
    > <action
    > path="/Login"
    > type="actions.LoginAction"
    > name="LoginForm"
    > scope="request"
    > validate="true"
    > input="/login.jsp">
    > </action>
    >
    > The LoginAction class takes care of authentication using the values in
    > LoginForm successfully. My question is, if the user request something
    > with /secure in it's path, for example, /secure/page1, how do I
    > forward to the originally requested page after the user is
    > authenticated successfully. Normally I would return an ActionForward
    > object that forwards to the requested page, but I'm not sure how to
    > figure out what the requested page is from within the LoginAction
    > object.
     
    Rajesh Tihari, May 28, 2004
    #3
  4. Antoine Diot

    pravda Guest

    There is an alternative to using CAS (which seems promissing). Just
    store the url of the requesting page in the session by default.
    Define a string property in the Super ActionForm to set the "
    frompage" in ever JSP you use (and perhaps the toPage). In this manner
    you always keep control on the flow. Your login-action accesses the
    form to retrieve the orginal page and forwards either to the login.jsp
    or to tthe toPage".
    Regards,
    herman ( who's incredible drunk).


    On 27 May 2004 16:09:53 -0700, (Antoine Diot) wrote:

    >Hello All. Thanks in advance for your help.
    >
    >I'm trying to implement Application controlled security in conjunction
    >with the <security-constraint> option in web.xml. I'm using Struts
    >1.1 and Tomcat 5.0.24.Here's what I got.
    >
    >web.xml:
    > <security-constraint>
    > <web-resource-collection>
    > <web-resource-name>Secure Area</web-resource-name>
    > <url-pattern>/secure/*</url-pattern>
    > <http-method>DELETE</http-method>
    > <http-method>GET</http-method>
    > <http-method>POST</http-method>
    > <http-method>PUT</http-method>
    > </web-resource-collection>
    > <auth-constraint>
    > <role-name>admin</role-name>
    > </auth-constraint>
    > <user-data-constraint>
    > <transport-guarantee>NONE</transport-guarantee>
    > </user-data-constraint>
    > </security-constraint>
    > <login-config>
    > <auth-method>FORM</auth-method>
    > <form-login-config>
    > <form-login-page>/login.jsp</form-login-page>
    > <form-error-page>/loginError.jsp</form-error-page>
    > </form-login-config>
    > </login-config>
    >
    >struts-config.xml:
    > <form-beans>
    > <form-bean name="LoginForm" type="forms.LoginForm"/>
    > </form-beans>
    > ...
    > <action
    > path="/Login"
    > type="actions.LoginAction"
    > name="LoginForm"
    > scope="request"
    > validate="true"
    > input="/login.jsp">
    > </action>
    >
    >The LoginAction class takes care of authentication using the values in
    >LoginForm successfully. My question is, if the user request something
    >with /secure in it's path, for example, /secure/page1, how do I
    >forward to the originally requested page after the user is
    >authenticated successfully. Normally I would return an ActionForward
    >object that forwards to the requested page, but I'm not sure how to
    >figure out what the requested page is from within the LoginAction
    >object.
     
    pravda, Jun 5, 2004
    #4
  5. Antoine Diot

    pravda Guest

    On 27 May 2004 16:09:53 -0700, (Antoine Diot) wrote:

    >Hello All. Thanks in advance for your help.
    >
    >I'm trying to implement Application controlled security in conjunction
    >with the <security-constraint> option in web.xml. I'm using Struts
    >1.1 and Tomcat 5.0.24.Here's what I got.
    >
    >web.xml:
    > <security-constraint>
    > <web-resource-collection>
    > <web-resource-name>Secure Area</web-resource-name>
    > <url-pattern>/secure/*</url-pattern>
    > <http-method>DELETE</http-method>
    > <http-method>GET</http-method>
    > <http-method>POST</http-method>
    > <http-method>PUT</http-method>
    > </web-resource-collection>
    > <auth-constraint>
    > <role-name>admin</role-name>
    > </auth-constraint>
    > <user-data-constraint>
    > <transport-guarantee>NONE</transport-guarantee>
    > </user-data-constraint>
    > </security-constraint>
    > <login-config>
    > <auth-method>FORM</auth-method>
    > <form-login-config>
    > <form-login-page>/login.jsp</form-login-page>
    > <form-error-page>/loginError.jsp</form-error-page>
    > </form-login-config>
    > </login-config>
    >
    >struts-config.xml:
    > <form-beans>
    > <form-bean name="LoginForm" type="forms.LoginForm"/>
    > </form-beans>
    > ...
    > <action
    > path="/Login"
    > type="actions.LoginAction"
    > name="LoginForm"
    > scope="request"
    > validate="true"
    > input="/login.jsp">
    > </action>
    >
    >The LoginAction class takes care of authentication using the values in
    >LoginForm successfully. My question is, if the user request something
    >with /secure in it's path, for example, /secure/page1, how do I
    >forward to the originally requested page after the user is
    >authenticated successfully. Normally I would return an ActionForward
    >object that forwards to the requested page, but I'm not sure how to
    >figure out what the requested page is from within the LoginAction
    >object.
     
    pravda, Jun 5, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mike
    Replies:
    1
    Views:
    694
    Wendy S
    Jul 30, 2003
  2. PC Leung
    Replies:
    10
    Views:
    10,161
    PC Leung
    Jul 22, 2004
  3. Aleksandar Matijaca
    Replies:
    2
    Views:
    8,324
    Aleksandar Matijaca
    Sep 19, 2004
  4. Stewart
    Replies:
    3
    Views:
    3,481
    Stewart
    Aug 18, 2005
  5. Gil
    Replies:
    3
    Views:
    321
    Eliyahu Goldin
    Jul 10, 2006
Loading...

Share This Page