Meaningless Drivel is fun!
The moose likes Struts and the fly likes security-constraint in web.xml Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "security-constraint in web.xml" Watch "security-constraint in web.xml" New topic

security-constraint in web.xml

Brian Grey
Ranch Hand

Joined: Nov 15, 2002
Posts: 43
Is it possible do not use the security constraint on a specific page (action form struts) ?
This is the specific page a don't to have any constraint meaning no login page should appear if the user is not login.


How should I modify the web.xml?
<web-resource-name>GemConnect Preview</web-resource-name>
Fletcher Estes
Ranch Hand

Joined: Jul 01, 2004
Posts: 108
In your struts-config.xml, you can specify what users (roles) have access to certain actions as follows:

<action path="/Whatever" roles="admin,manager" etc....>

If the logged in user is not in the specified role (as determined by request.isUserInRole(roleName)), or not logged in at all, then the server will generate an HTML 401/403 error and go to the appropriate error page as specified in your web.xml (that's an assumption - I'm not sure exactly what happens)
Florian Kammermann

Joined: Jan 22, 2005
Posts: 8
In my Application I make it like this:

in the web.xml i make the security of the jsp- and html-files with the following constraints:


I organised my folderstructure, that I have a folder for every user and a folder for guests. Like this I can control the access on the resources.

The access on the actions I control over the roles-attribute (roles="administrator") inside the action-tag inside the struts-config.xml.
I agree. Here's the link:
subject: security-constraint in web.xml
It's not a secret anymore!