• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Ron McLeod
  • Jeanne Boyarsky
Sheriffs:
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Roland Mueller
Bartenders:

security-constraint in web.xml

 
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is it possible do not use the security constraint on a specific page (action form struts) ?
This is the specific page a don't to have any constraint meaning no login page should appear if the user is not login.

/Card/Provisioning/Create.do

How should I modify the web.xml?
<security-constraint>
<web-resource-collection>
<web-resource-name>GemConnect Preview</web-resource-name>
<url-pattern>*.do</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>serviceManager</role-name>
<role-name>csr</role-name>
</auth-constraint>
</security-constraint>
 
Ranch Hand
Posts: 108
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In your struts-config.xml, you can specify what users (roles) have access to certain actions as follows:

<action path="/Whatever" roles="admin,manager" etc....>

If the logged in user is not in the specified role (as determined by request.isUserInRole(roleName)), or not logged in at all, then the server will generate an HTML 401/403 error and go to the appropriate error page as specified in your web.xml (that's an assumption - I'm not sure exactly what happens)
 
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In my Application I make it like this:

in the web.xml i make the security of the jsp- and html-files with the following constraints:

<web-resource-collection>
<web-resource-name>Administrator</web-resource-name>
<url-pattern>/admin/</url-pattern>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>

I organised my folderstructure, that I have a folder for every user and a folder for guests. Like this I can control the access on the resources.

The access on the actions I control over the roles-attribute (roles="administrator") inside the action-tag inside the struts-config.xml.
 
Sasparilla and fresh horses for all my men! You will see to it, won't you tiny ad?
Clean our rivers and oceans from home
https://www.kickstarter.com/projects/paulwheaton/willow-feeders
reply
    Bookmark Topic Watch Topic
  • New Topic