Win a copy of Micro Frontends in Action this week in the Server-Side JavaScript and NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

security-constraint in web.xml

 
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is it possible do not use the security constraint on a specific page (action form struts) ?
This is the specific page a don't to have any constraint meaning no login page should appear if the user is not login.

/Card/Provisioning/Create.do

How should I modify the web.xml?
<security-constraint>
<web-resource-collection>
<web-resource-name>GemConnect Preview</web-resource-name>
<url-pattern>*.do</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>serviceManager</role-name>
<role-name>csr</role-name>
</auth-constraint>
</security-constraint>
 
Ranch Hand
Posts: 108
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In your struts-config.xml, you can specify what users (roles) have access to certain actions as follows:

<action path="/Whatever" roles="admin,manager" etc....>

If the logged in user is not in the specified role (as determined by request.isUserInRole(roleName)), or not logged in at all, then the server will generate an HTML 401/403 error and go to the appropriate error page as specified in your web.xml (that's an assumption - I'm not sure exactly what happens)
 
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In my Application I make it like this:

in the web.xml i make the security of the jsp- and html-files with the following constraints:

<web-resource-collection>
<web-resource-name>Administrator</web-resource-name>
<url-pattern>/admin/</url-pattern>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>

I organised my folderstructure, that I have a folder for every user and a folder for guests. Like this I can control the access on the resources.

The access on the actions I control over the roles-attribute (roles="administrator") inside the action-tag inside the struts-config.xml.
 
reply
    Bookmark Topic Watch Topic
  • New Topic