aspose file tools*
The moose likes Struts and the fly likes Authentication Problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Authentication Problem" Watch "Authentication Problem" New topic
Author

Authentication Problem

Pj Casaro
Ranch Hand

Joined: Jul 13, 2010
Posts: 47
Here's my setup. I have a home page, index.jsp with a login form.

My Login action has this for a result:


I have a file called home.jsp located in /secure. When I login successfully, I go here.

Then I added this to my struts.xml:

The point of this is so that if I have a jsp page with no action tied to it, lets say an image upload form or something, I can still trigger my interceptor to make sure I'm logged in. This works too. For example, if I try and navigate to /secure/home, my interceptor is triggered, even though I don't have a Home action.

For some reason, however, having this addition makes it so that when I login, instead of going to /secure/home like before, I get a requested resource is not available even though it is.
Pj Casaro
Ranch Hand

Joined: Jul 13, 2010
Posts: 47
I ran some tests and got some very interesting results.

I should note that I've set a couple of constants:

These were necessary to get what I want to work.

1) Create directory "/secure/test" and in "/secure/test" put "testpage.jsp":

When I log in, and attempt to visit "http://localhost:8080/MyPage/secure/test/testpage", I get an error message that "/MyPage/secure/test/test/testpage" is not available. It seems to have duplicated the namespace.

2) Create a package called "actions.secure.test" and put a random action class in it, and it works.

It seems like there's a flaw with what I'm trying to do. It seems redundant to need a class for every action but it seems like thats the only way to get it to behave
Pj Casaro
Ranch Hand

Joined: Jul 13, 2010
Posts: 47
For all interested parties, here's the fix.

Lets say you have some simple jsps that don't need classes but do need to be secured. This is what that part of your struts.xml should look like:


With the two constants from before, basically, when you enter the secure namespace, it will look for anything you type in that doesn't have a class associated with it, check if you're logged in, and then serve that jsp if you are logged in.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Authentication Problem
 
Similar Threads
Struts 2 addActionError problem
interceptor not working in struts 2
Overriding default interceptor stack
Scope interceptor: scope.type = end not doing any cleanup.
struts2 login interceptor not finding session attribute of user details.