File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Struts and the fly likes Struts login using JAAS and login-config Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Struts login using JAAS and login-config" Watch "Struts login using JAAS and login-config" New topic

Struts login using JAAS and login-config

Abe Froman

Joined: Oct 15, 2004
Posts: 1
I believe I am having a chicken and egg problem using a Struts Action as
the form-login-page defined in my web.xml.

I followed a number of tutorials to get to this point but here is the
basic flow and the relevant parts of my config.


This puts the security constraint on all .do urls
<description>Secure the action servlet</description>

<description>no description</description>

This forces users to the action. Which works fine
I can point to any .do url and get redirected to


The problem is when I need to submit to this
results in a redirection back to Not what I want. So I
attempted to put all the logic in the LoginAction class associated with
Login action.

<!-- Login Form -->
<form-bean name="loginForm"

<!-- Login Form / Page -->

<forward name="login" path="/" />
<forward name="loginSubmit" path="/" />

<!-- Login Actions -->
<forward name="continue"

<forward name="continue"

This is busted for a number of reasons, the worst of which I have to
validate everything in the Action because I can't tell the difference
between the 1st land and a submit of a blank form. Should I be doing
this another way? I was thinking of using a servlet filter to check the
users session and redirect, I will have to do this anyway.
I agree. Here's the link:
subject: Struts login using JAAS and login-config
Similar Threads
Security Constraint problem
How to Secure a Struts application using Form Based Authentication
Basic Authentication using web.xml
Form based login
Struts and JDBC/realm