integration between struts and servlet auth

Discussion in 'Java' started by tremalnaik@gmail.com, Jul 29, 2005.

  1. Guest

    Hi everibody,
    I'm using the ssl extension library for Struts (sslext) to switch
    between encrypted and unencrypted pages in my webapp. Everything works
    fine excerpt for the login page, which is handled by the servlet
    authentication mechanism. Some excerpt from my config files follow:

    ------------ web.xml ------------------
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Protected actions and
    pages</web-resource-name>
    <description>no description</description>
    <url-pattern>*.do</url-pattern>
    <url-pattern>/index.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>TestUser</role-name>
    </auth-constraint>
    <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
    </security-constraint>

    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/WEB-INF/jsp/logon/logon.jsp</form-login-page>

    <form-error-page>/WEB-INF/jsp/logon/logonError.jsp</form-error-page>
    </form-login-config>
    </login-config>

    ------------ web.xml ------------------

    ------------- struts-config.xml ------------
    <action-mappings type="org.apache.struts.config.SecureActionConfig">
    <action forward="/WEB-INF/jsp/logon/logon.jsp" path="/logon" >
    <set-property property="secure" value="true"/>
    </action>
    <action input="page.clientHome" name="accountForm"
    path="/openClient" scope="session"
    type="com.ciccio.pasticcio.web.actions.OpenClientAction"
    validate="true" >
    <set-property property="secure" value="false"/>
    </action>
    </action-mappings>
    .....
    <controller
    processorClass="org.apache.struts.action.SecureTilesRequestProcessor"
    />
    <plug-in className="org.apache.struts.action.SecurePlugIn">
    <set-property property="httpPort" value="8080"/>
    <set-property property="httpsPort" value="8443"/>
    <set-property property="enable" value="true"/>
    <set-property property="addSession" value="false"/>
    </plug-in>
    ------------- struts-config.xml ------------

    First I tried adding at the top of logon.jsp these lines:

    <%@ taglib uri="/WEB-INF/tld/sslext.tld" prefix="sslext"%>
    <sslext:pageScheme secure="true" />

    but when I try to access a protected url (ie.
    http://localhost:8080/testapp/openClient.do) I have an error:

    'The requested resource (/testapp/WEB-INF/jsp/logon/logon.jsp) is not
    available.'

    So I got rid of the sslext tag and I modified the web.xml
    <login-config> as

    <form-login-page>/logon.do</form-login-page>

    Now encryption works and the logon page appears on a secure channel,
    but when I push the form login button the user (while authenticated) is
    not redirected to the original URL he has entered (openClient) but
    remains in the login page. It seems the URL got lost by the container
    because of the http -> https redirection.

    I've tried with

    <action include="/WEB-INF/jsp/logon/logon.jsp" path="/logon" >

    but the behaviour was not changing. I tested with IE 6.0 and Firefox
    1.0.4

    Can anyone help me?

    TREMALNAIK
     
    , Jul 29, 2005
    #1
    1. Advertising

  2. On 29 Jul 2005 04:07:36 -0700, wrote:

    > Hi everibody,
    > I'm ..


    ...multi-posting. Please refrain from doing so.
    <http://www.physci.org/codes/javafaq.jsp#xpost>

    --
    Andrew Thompson
    physci.org 1point1c.org javasaver.com lensescapes.com athompson.info
    See You On Some Other Channel
     
    Andrew Thompson, Jul 29, 2005
    #2
    1. Advertising

  3. Guest

    Andrew Thompson wrote:
    > ..multi-posting. Please refrain from doing so.
    > <http://www.physci.org/codes/javafaq.jsp#xpost>


    Multiposting is when the number of reposting reaches the number of 3

    TREMALNAIK
     
    , Jul 29, 2005
    #3
  4. On 29 Jul 2005 04:47:23 -0700, wrote:

    > Andrew Thompson wrote:
    >> ..multi-posting. Please refrain from doing so.
    >> <http://www.physci.org/codes/javafaq.jsp#xpost>

    >
    > Multiposting is when the number of reposting reaches the number of 3


    - Got a reference for that? My reference is RFC 1855,
    Section 3.1.3 - 'Netnews Guidelines', points 1 and 5.
    <http://www.physci.org/rfc/rfc1855.jsp#3_1_3>.
    You might try reading that sometime (before you next
    consider multi-posting to two or more groups).

    - How am I supposed to know how many groups you have posted
    to. You made no reference to the other post(s) in any thread
    I saw. Loan me your crystal ball?

    - Given the first point, why should I care how many groups
    you have mutli-posted to?

    But ultimately, it seems you are saying 'it is OK to waste
    people's time, so long as it is only on two groups at a time'.

    Does that sum up the way you see it?

    --
    Andrew Thompson
    physci.org 1point1c.org javasaver.com lensescapes.com athompson.info
    Known To Cause Insanity In Laboratory Mice
     
    Andrew Thompson, Jul 29, 2005
    #4
  5. Guest

    Andrew Thompson wrote:
    > - Got a reference for that? My reference is RFC 1855,
    > Section 3.1.3 - 'Netnews Guidelines', points 1 and 5.
    > <http://www.physci.org/rfc/rfc1855.jsp#3_1_3>.
    > You might try reading that sometime (before you next
    > consider multi-posting to two or more groups).


    ok, I don't have any RFC to refer to, but in my opinion education is a
    matter of opinion, not a RFC problem. I believe that waiting people
    "behind a tree" to catch them doing something we consider wrong just
    for the pleasure you get in complaining reveals some kind of pestilent
    thinking. I believe I was not unpolite, neither if you look my posts in
    the USENET you may say I ever committed some annoying action against
    noone. I just posted my question in the Help group, then, I decided the
    Programmer group was better, that's all. I don't think that my
    beheavior caused the wasting of anyone precious time, as the offtopic
    discussion in which we are involving. I apologize .

    TREMALNAIK
     
    , Jul 29, 2005
    #5
  6. On 29 Jul 2005 05:42:59 -0700, wrote:

    > Andrew Thompson wrote:
    >> - Got a reference for that? My reference is RFC 1855,

    ....
    > ok, I don't have any RFC to refer to, ..


    You can refer to the same one. I sure don't 'own' it.
    It was formulated long before I ever posted to the
    usenet news groups.

    >..but in my opinion education is a matter of opinion,


    Who's. Yours?

    The prevailing opinion (by many contributors to the groups)
    is that multi-posting is counter productive.

    > ..I apologize .


    ...I do not feel you owe me (or anyone) an apology.

    I would like to hear though, that you intend *not* to
    multi-post in future.

    --
    Andrew Thompson
    physci.org 1point1c.org javasaver.com lensescapes.com athompson.info
    Featuring Gratuitous Alien Nudity
     
    Andrew Thompson, Jul 29, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?Q2hyaXMgTW9oYW4=?=

    Configuring Windows Auth & Forms Auth in Asp.Net

    =?Utf-8?B?Q2hyaXMgTW9oYW4=?=, Apr 28, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    724
    =?Utf-8?B?Q2hyaXMgTW9oYW4=?=
    Apr 28, 2004
  2. =?Utf-8?B?ZGhucml2ZXJzaWRl?=

    Windows Auth, but Forms Auth for one page?

    =?Utf-8?B?ZGhucml2ZXJzaWRl?=, Jan 8, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    592
    Elton Wang
    Jan 8, 2005
  3. Mark Chai
    Replies:
    1
    Views:
    747
    Christophe Vanfleteren
    Oct 1, 2003
  4. Amit Jain
    Replies:
    1
    Views:
    604
    Amit Jain
    Jun 13, 2008
  5. cs

    Form Auth and windows int auth

    cs, Apr 18, 2006, in forum: ASP .Net Security
    Replies:
    1
    Views:
    120
    Timothy H. Schilbach
    Apr 28, 2006
Loading...

Share This Page