This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Struts and the fly likes How to Secure a Struts application using Form Based Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "How to Secure a Struts application using Form Based Authentication" Watch "How to Secure a Struts application using Form Based Authentication" New topic
Author

How to Secure a Struts application using Form Based Authentication

vikram nalagampalli
Ranch Hand

Joined: Oct 08, 2001
Posts: 91
Hello Guys,
I am trying to Secure my STRUTS based Web application using Form Based Authentication(j_security_check). I have Sucessfully configured my LDAP on WEB Sphere Application Server.

I am trying to secure all JSP's as you could see on my Security Constraint below. But when i deploy my application it doesnot prompt with a Login screen instead goes to the index page defined on the welcome-file-list.

I will really appreciate if some one can tell me if there is someother way to secure a Action classes and JSP in Struts Application. Thank you

<!-- The Welcome File List -->
<welcome-file-list>
<welcome-file>jsp/index.jsp</welcome-file>
</welcome-file-list>

<security-constraint>
<web-resource-collection>
<web-resource-name>OCN-Resources</web-resource-name>
<description></description>
<url-pattern>*.jsp</url-pattern>
<url-pattern>/OCN</url-pattern>
<url-pattern>/action</url-pattern>
<http-method>
GET</http-method>
<http-method>
POST</http-method>
</web-resource-collection>
<auth-constraint>
<description></description>
<role-name>OCNQA</role-name>
<role-name>OCNTEAM</role-name>
<role-name>OCNADMIN</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/jsp/Login.jsp</form-login-page>
<form-error-page>/jsp/LoginError.jsp</form-error-page>
</form-login-config>
</login-config>
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to Secure a Struts application using Form Based Authentication
 
Similar Threads
How to secure my page
WebLogic Form-Based Authentication Problem
Jboss ldap
404 Exception
WebLogic Form Based Authentication