
security-constraint in web.xml

 
Brian Grey
Ranch Hand
Posts: 43
Is it possible not to use the security constraint on a specific page (a Struts action form)?
This is the specific page I don't want to have any constraint, meaning no login page should appear if the user is not logged in.

/Card/Provisioning/Create.do

How should I modify the web.xml?
<security-constraint>
  <web-resource-collection>
    <web-resource-name>GemConnect Preview</web-resource-name>
    <url-pattern>*.do</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>serviceManager</role-name>
    <role-name>csr</role-name>
  </auth-constraint>
</security-constraint>
 
Fletcher Estes
Ranch Hand
Posts: 108
In your struts-config.xml, you can specify what users (roles) have access to certain actions as follows:

<action path="/Whatever" roles="admin,manager" etc....>

If the logged in user is not in the specified role (as determined by request.isUserInRole(roleName)), or not logged in at all, then the server will generate an HTML 401/403 error and go to the appropriate error page as specified in your web.xml (that's an assumption - I'm not sure exactly what happens)
 
Florian Kammermann
Greenhorn
Posts: 8
In my application I do it like this:

In the web.xml I secure the JSP and HTML files with the following constraints:

<web-resource-collection>
  <web-resource-name>Administrator</web-resource-name>
  <url-pattern>/admin/</url-pattern>
  <url-pattern>/admin/*</url-pattern>
</web-resource-collection>

I organised my folder structure so that I have a folder for every user and a folder for guests. This way I can control access to the resources.

I control access to the actions through the roles attribute (roles="administrator") inside the action tag in the struts-config.xml.
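
Added example, not part of the original thread: one way to exempt the single action in web.xml itself, relying on the Servlet 2.4 and later rules that the best-matching url-pattern decides which constraint applies and that a constraint without an auth-constraint requires no login. The web-resource-name "Public provisioning page" is a hypothetical label, dropping the http-method elements is a suggested change to the original constraint, and the Struts action for this path is assumed to carry no roles attribute.

```xml
<!-- Constructed web.xml fragment; the path and role names come from the question. -->

<!-- Exemption: the exact-match pattern is a better match than the *.do
     extension pattern, so only this constraint applies to the request.
     Leaving out <auth-constraint> means no authentication is required.
     Do not write an empty <auth-constraint/> here: that denies all access. -->
<security-constraint>
  <web-resource-collection>
    <!-- hypothetical name, used only for illustration -->
    <web-resource-name>Public provisioning page</web-resource-name>
    <url-pattern>/Card/Provisioning/Create.do</url-pattern>
  </web-resource-collection>
</security-constraint>

<!-- Every other action still requires one of the two roles. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>GemConnect Preview</web-resource-name>
    <url-pattern>*.do</url-pattern>
    <!-- No <http-method> elements: the constraint then covers every HTTP
         method, not only GET and POST. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>serviceManager</role-name>
    <role-name>csr</role-name>
  </auth-constraint>
</security-constraint>
```

Because the exempt pattern is an exact match, other actions under /Card/Provisioning/ stay behind the role check.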
 