File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Struts and the fly likes Authentication Problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Authentication Problem" Watch "Authentication Problem" New topic

Authentication Problem

Pj Casaro
Ranch Hand

Joined: Jul 13, 2010
Posts: 47
Here's my setup. I have a home page, index.jsp with a login form.

My Login action has this for a result:

I have a file called home.jsp located in /secure. When I login successfully, I go here.

Then I added this to my struts.xml:

The point of this is so that if I have a jsp page with no action tied to it, lets say an image upload form or something, I can still trigger my interceptor to make sure I'm logged in. This works too. For example, if I try and navigate to /secure/home, my interceptor is triggered, even though I don't have a Home action.

For some reason, however, having this addition makes it so that when I login, instead of going to /secure/home like before, I get a requested resource is not available even though it is.
Pj Casaro
Ranch Hand

Joined: Jul 13, 2010
Posts: 47
I ran some tests and got some very interesting results.

I should note that I've set a couple of constants:

These were necessary to get what I want to work.

1) Create directory "/secure/test" and in "/secure/test" put "testpage.jsp":

When I log in, and attempt to visit "http://localhost:8080/MyPage/secure/test/testpage", I get an error message that "/MyPage/secure/test/test/testpage" is not available. It seems to have duplicated the namespace.

2) Create a package called "" and put a random action class in it, and it works.

It seems like there's a flaw with what I'm trying to do. It seems redundant to need a class for every action but it seems like thats the only way to get it to behave
Pj Casaro
Ranch Hand

Joined: Jul 13, 2010
Posts: 47
For all interested parties, here's the fix.

Lets say you have some simple jsps that don't need classes but do need to be secured. This is what that part of your struts.xml should look like:

With the two constants from before, basically, when you enter the secure namespace, it will look for anything you type in that doesn't have a class associated with it, check if you're logged in, and then serve that jsp if you are logged in.
I agree. Here's the link:
subject: Authentication Problem
It's not a secret anymore!