This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Struts and the fly likes Struts and JDBC/realm Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Struts and JDBC/realm" Watch "Struts and JDBC/realm" New topic
Author

Struts and JDBC/realm

kelly goedert
Greenhorn

Joined: May 14, 2003
Posts: 26
I trying to use roles in my application, like an administrator can do anything and other users cannot. I using JDBC realm for that but it doesn't seem to be working.
Here is my struts-config.xml
<!-- Action Mapping Definitions -->
<action-mappings>
<action path="/login"
type="LoginAction"
name = "loginForm"
scope="request"
input="/index.jsp"
validate="true">
<forward
name="continue"
path="/principal.jsp"/>
<forward
name="erro"
path="/index.jsp"/>
</action>
<action path="/adm"
roles = "adm"
forward = "/adm.jsp">
</action>
<action path="/user"
roles = "user"
forward = "/usr.jsp">
</action>
<action path="/principal"
forward = "/principal.jsp">
</action>
</action-mappings>
And here is my web.xml (the security part)
<security-constraint>
<display-name></display-name>
<web-resource-collection>
<web-resource-name></web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/do/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>adm</role-name>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/index.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>

<!-- Security roles referenced by this web application -->
<security-role>
<role-name>adm</role-name>
<role-name>user</role-name>
</security-role>

In my login form the action is called like this
<html:form action="/login">
....
</html:form>
I would like that after the login I would go to principal.jsp and there I would have two links: one to be accessed by adm users and other to be used by the ones with "user" role.
What I'm doing wrong?
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Struts and JDBC/realm
 
Similar Threads
secure access and struts
req.isUserInRole("admin"); return false??
404 Exception
How authorization constraint effects authentication?
404 Exception