security-constraint in web.xml

Brian Grey
Ranch Hand

Joined: Nov 15, 2002
Posts: 43
Is it possible not to use the security constraint on a specific page (a Struts action form)?
This is the specific page I don't want to have any constraint on, meaning no login page should appear if the user is not logged in.

/Card/Provisioning/Create.do

How should I modify the web.xml?
<security-constraint>
<web-resource-collection>
<web-resource-name>GemConnect Preview</web-resource-name>
<url-pattern>*.do</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>serviceManager</role-name>
<role-name>csr</role-name>
</auth-constraint>
</security-constraint>
Fletcher Estes
Ranch Hand

Joined: Jul 01, 2004
Posts: 108
In your struts-config.xml, you can specify what users (roles) have access to certain actions as follows:

<action path="/Whatever" roles="admin,manager" etc....>

If the logged in user is not in the specified role (as determined by request.isUserInRole(roleName)), or not logged in at all, then the server will generate an HTML 401/403 error and go to the appropriate error page as specified in your web.xml (that's an assumption - I'm not sure exactly what happens)
Florian Kammermann
Greenhorn

Joined: Jan 22, 2005
Posts: 8
In my application I do it like this:

In the web.xml I secure the JSP and HTML files with the following constraints:

<web-resource-collection>
<web-resource-name>Administrator</web-resource-name>
<url-pattern>/admin/</url-pattern>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>

I organised my folder structure so that I have a folder for every user and a folder for guests. This way I can control access to the resources.

I control access to the actions through the roles attribute (roles="administrator") inside the action tag in the struts-config.xml.
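
Added example, not part of any post in this thread: one way to exempt the single action from the container login using only web.xml, by declaring a second constraint for its exact path. It assumes /Card/Provisioning/Create.do is relative to the web application's context root; the resource name "Public card provisioning" is made up for the illustration.

```xml
<!-- Fragment of WEB-INF/web.xml (added example, not the poster's file). -->

<!-- Public: the one action that must be reachable without logging in.
     A security-constraint that has NO <auth-constraint> element permits
     unauthenticated access to the resources it names. The container picks
     an exact-match url-pattern in preference to an extension pattern such
     as *.do, so this constraint governs the request instead of the
     protected one below.
     Do not write an empty <auth-constraint/> here: an empty element means
     "no role is allowed" and blocks everyone. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Public card provisioning</web-resource-name>
    <url-pattern>/Card/Provisioning/Create.do</url-pattern>
  </web-resource-collection>
</security-constraint>

<!-- Protected: every other Struts action.
     The <http-method> elements from the original post are left out on
     purpose. When methods are listed, the constraint covers only those
     methods and requests using any other method are not constrained;
     with none listed it covers all HTTP methods. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>GemConnect Preview</web-resource-name>
    <url-pattern>*.do</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>serviceManager</role-name>
    <role-name>csr</role-name>
  </auth-constraint>
</security-constraint>
```

The action mapping for this path in struts-config.xml must not carry a roles attribute, otherwise Struts still rejects the unauthenticated request after the container has let it through. Because the exemption is an exact match, any other path that maps to the same action stays behind the login.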
 