GeeCON Prague 2014*
The moose likes Struts and the fly likes Struts and JDBC/realm Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Struts and JDBC/realm" Watch "Struts and JDBC/realm" New topic
Author

Struts and JDBC/realm

kelly goedert
Greenhorn

Joined: May 14, 2003
Posts: 26
I trying to use roles in my application, like an administrator can do anything and other users cannot. I using JDBC realm for that but it doesn't seem to be working.
Here is my struts-config.xml
<!-- Action Mapping Definitions -->
<action-mappings>
<action path="/login"
type="LoginAction"
name = "loginForm"
scope="request"
input="/index.jsp"
validate="true">
<forward
name="continue"
path="/principal.jsp"/>
<forward
name="erro"
path="/index.jsp"/>
</action>
<action path="/adm"
roles = "adm"
forward = "/adm.jsp">
</action>
<action path="/user"
roles = "user"
forward = "/usr.jsp">
</action>
<action path="/principal"
forward = "/principal.jsp">
</action>
</action-mappings>
And here is my web.xml (the security part)
<security-constraint>
<display-name></display-name>
<web-resource-collection>
<web-resource-name></web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/do/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>adm</role-name>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/index.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>

<!-- Security roles referenced by this web application -->
<security-role>
<role-name>adm</role-name>
<role-name>user</role-name>
</security-role>

In my login form the action is called like this
<html:form action="/login">
....
</html:form>
I would like that after the login I would go to principal.jsp and there I would have two links: one to be accessed by adm users and other to be used by the ones with "user" role.
What I'm doing wrong?
 
Don't get me started about those stupid light bulbs.
 
subject: Struts and JDBC/realm