• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • paul wheaton
  • Ron McLeod
  • Devaka Cooray
Sheriffs:
  • Jeanne Boyarsky
  • Liutauras Vilda
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Carey Brown
  • Piet Souris
Bartenders:

Container-Managed Security

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am trying to implement a container-managed security. But the <url-pattern>/admin/*</url-pattern> doesn't work. I cannot find out why.

I am using Struts 1.3.8.
I am using modules
I am using Tiles
I am using Struts Validator
My folder structure looks like this:
WebContent/index.jsp
WebContent/employee/addEmployee.jsp
WEB-INF/struts-config-employee.xml
WEB-INF/struts-config.xml
WEB-INF/web.xml
WEB-INF/validation.xml
WEB-INF/tiles-defs.xml
<p>
I create a link in the index page and when I click on that link I shlould get a user/pass window, but instead Struts allows the entrance:
index.jsp:
• <html:link forward="viewAddEmployee"><bean:message key="link.employee.add"/></html:link>

struts-config.xml:
<global-forwards>
<forward name="viewAddEmployee" path="/employee/admin/viewAddSearch.do" />
</global-forwards>

struts-config-employee.xml:
<action path="/admin/viewAddSearch" forward="addEmployee.page"/>

tiles-defs.xml:
<definition name="addEmployee.page" extends="main.layout">
<put name="title" value="ABC, Inc. Human Resources Portal - Employee Search"/>
<put name="body" value="/employee/admin/addEmployee.jsp"/>
</definition>

web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>AdminPages</web-resource-name>
<description>Administrator-only pages</description>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>administrator</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>SomethingRealm</realm-name>
</login-config>
<security-role>
<description>Some Administrator</description>
<role-name>administrator</role-name>
</security-role>

In TOMCAT_HOME>/conf/tomcat_users.xml:
<tomcat-users>
<role name="administrator"/>
<user name="x" password="y" roles="administrator"/>
<user name="xx" password="yy" roles="administrator"/>
<user name="xxx" password="yyy" roles="employee"/>
</tomcat-users>

But when I put <url-pattern>*.do</url-pattern> it works for all action paths (since all of them end with .do). Can anyone help me with this?

Thanks in advance!
 
Sheriff
Posts: 10445
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


So shouldn't your url-pattern in web.xml, for restricting access, be:

 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic