integration between struts and servlet auth

T

tremalnaik

Hi everibody,
I'm using the ssl extension library for Struts (sslext) to switch
between encrypted and unencrypted pages in my webapp. Everything works
fine excerpt for the login page, which is handled by the servlet
authentication mechanism. Some excerpt from my config files follow:

------------ web.xml ------------------
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected actions and
pages</web-resource-name>
<description>no description</description>
<url-pattern>*.do</url-pattern>
<url-pattern>/index.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>TestUser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/WEB-INF/jsp/logon/logon.jsp</form-login-page>

<form-error-page>/WEB-INF/jsp/logon/logonError.jsp</form-error-page>
</form-login-config>
</login-config>

------------ web.xml ------------------

------------- struts-config.xml ------------
<action-mappings type="org.apache.struts.config.SecureActionConfig">
<action forward="/WEB-INF/jsp/logon/logon.jsp" path="/logon" >
<set-property property="secure" value="true"/>
</action>
<action input="page.clientHome" name="accountForm"
path="/openClient" scope="session"
type="com.ciccio.pasticcio.web.actions.OpenClientAction"
validate="true" >
<set-property property="secure" value="false"/>
</action>
</action-mappings>
.....
<controller
processorClass="org.apache.struts.action.SecureTilesRequestProcessor"
/>
<plug-in className="org.apache.struts.action.SecurePlugIn">
<set-property property="httpPort" value="8080"/>
<set-property property="httpsPort" value="8443"/>
<set-property property="enable" value="true"/>
<set-property property="addSession" value="false"/>
</plug-in>
------------- struts-config.xml ------------

First I tried adding at the top of logon.jsp these lines:

<%@ taglib uri="/WEB-INF/tld/sslext.tld" prefix="sslext"%>
<sslext:pageScheme secure="true" />

but when I try to access a protected url (ie.
http://localhost:8080/testapp/openClient.do) I have an error:

'The requested resource (/testapp/WEB-INF/jsp/logon/logon.jsp) is not
available.'

So I got rid of the sslext tag and I modified the web.xml
<login-config> as

<form-login-page>/logon.do</form-login-page>

Now encryption works and the logon page appears on a secure channel,
but when I push the form login button the user (while authenticated) is
not redirected to the original URL he has entered (openClient) but
remains in the login page. It seems the URL got lost by the container
because of the http -> https redirection.

I've tried with

<action include="/WEB-INF/jsp/logon/logon.jsp" path="/logon" >

but the behaviour was not changing. I tested with IE 6.0 and Firefox
1.0.4

Can anyone help me?

TREMALNAIK
 
A

Andrew Thompson

Multiposting is when the number of reposting reaches the number of 3
Click to expand...

- Got a reference for that? My reference is RFC 1855,
Section 3.1.3 - 'Netnews Guidelines', points 1 and 5.
<http://www.physci.org/rfc/rfc1855.jsp#3_1_3>.
You might try reading that sometime (before you next
consider multi-posting to two or more groups).

- How am I supposed to know how many groups you have posted
to. You made no reference to the other post(s) in any thread
I saw. Loan me your crystal ball?

- Given the first point, why should I care how many groups
you have mutli-posted to?

But ultimately, it seems you are saying 'it is OK to waste
people's time, so long as it is only on two groups at a time'.

Does that sum up the way you see it?
 
T

tremalnaik

Andrew said:
- Got a reference for that? My reference is RFC 1855,
Section 3.1.3 - 'Netnews Guidelines', points 1 and 5.
<http://www.physci.org/rfc/rfc1855.jsp#3_1_3>.
You might try reading that sometime (before you next
consider multi-posting to two or more groups).
Click to expand...

ok, I don't have any RFC to refer to, but in my opinion education is a
matter of opinion, not a RFC problem. I believe that waiting people
"behind a tree" to catch them doing something we consider wrong just
for the pleasure you get in complaining reveals some kind of pestilent
thinking. I believe I was not unpolite, neither if you look my posts in
the USENET you may say I ever committed some annoying action against
noone. I just posted my question in the Help group, then, I decided the
Programmer group was better, that's all. I don't think that my
beheavior caused the wasting of anyone precious time, as the offtopic
discussion in which we are involving. I apologize .

TREMALNAIK
 
A

Andrew Thompson

....
ok, I don't have any RFC to refer to, ..
Click to expand...

You can refer to the same one. I sure don't 'own' it.
It was formulated long before I ever posted to the
usenet news groups.
..but in my opinion education is a matter of opinion,
Click to expand...

Who's. Yours?

The prevailing opinion (by many contributors to the groups)
is that multi-posting is counter productive.
..I apologize .
Click to expand...

...I do not feel you owe me (or anyone) an apology.

I would like to hear though, that you intend *not* to
multi-post in future.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

while integration struts with spring "Servlet action is notavailable" 1
Struts and JSF integration 0
Application Controlled Authentication - Tomcat & Struts 4
struts-config.xml 1
tomcat datasource realm and form based authentication 3
Struts Tiles Error 0
form based login in jboss using login-config not working 1
glassfish and faces security 0

Members online

No members online now.
Total: 93 (members: 2, guests: 91)
Robots: 209

Forum statistics

Threads
474,262
Messages
2,571,052
Members
48,769
Latest member
Clifft

Latest Threads

Top