Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Struts and JDBC/realm

 
kelly goedert
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I trying to use roles in my application, like an administrator can do anything and other users cannot. I using JDBC realm for that but it doesn't seem to be working.
Here is my struts-config.xml
<!-- Action Mapping Definitions -->
<action-mappings>
<action path="/login"
type="LoginAction"
name = "loginForm"
scope="request"
input="/index.jsp"
validate="true">
<forward
name="continue"
path="/principal.jsp"/>
<forward
name="erro"
path="/index.jsp"/>
</action>
<action path="/adm"
roles = "adm"
forward = "/adm.jsp">
</action>
<action path="/user"
roles = "user"
forward = "/usr.jsp">
</action>
<action path="/principal"
forward = "/principal.jsp">
</action>
</action-mappings>
And here is my web.xml (the security part)
<security-constraint>
<display-name></display-name>
<web-resource-collection>
<web-resource-name></web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/do/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>adm</role-name>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/index.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>

<!-- Security roles referenced by this web application -->
<security-role>
<role-name>adm</role-name>
<role-name>user</role-name>
</security-role>

In my login form the action is called like this
<html:form action="/login">
....
</html:form>
I would like that after the login I would go to principal.jsp and there I would have two links: one to be accessed by adm users and other to be used by the ones with "user" role.
What I'm doing wrong?
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic