Stuck with a Struts app and I dont know Struts - security exception problem
Joined: May 28, 2001
OK, long story but I'll try to make it quick. I have a server in my possesion that has a Struts / Hibernate app running in Tomcat 5. The app is a nightmare and takes down the server regularly. Anyways they fired the old programmer and hired me to build a new app but I can't even get the old app to run. They don't want this one fixed but they want me to look at some of his interfaces so I can mimic them somewhat.
I'm thinking this thing was setup to explicity run on the domain and since it is now on my internal backbone and running on an IP this MAY be the problem.
What's happening is the second I try and access the app via a browser I get a Security Exception. The orginal app had an html page that literally did nothing except redirect them to this app. I added a jsp to stop the redirect but no matter what when I try and go into the app I get this damn exception.
I've been through ever file I can think of, the server.xml, the web.xml, and all the other xml files in the WEB-INF folder. I've also gone through the Tomcat config files to see if I could find anything.
I know Java (quite well) but again I no nothing about Struts. Are there any files I should be looking or entries in these files that could cause this?
Joined: Feb 08, 2006
I know a bit about Struts, but very little about Tomcat. I would start with a fresh Struts sample application. Once you get that to work, start to migrate over pieces of this application and see what is up. I would suspect a setting in your web.xml file, but suppose that it could be a higher level Tomcat configuration setting as well.
Joined: Dec 30, 2004
you might wanna check out the struts-config.xml in the web-inf dir.
see if the action-mappings contain exception handlers.
part of the file... that one could be setup to handle security validation.
But come to think of it perhaps he's screwed with the context by removing the myapp-users.xml and or the myapp-roles.xml depending upon how the apps users are getting validated. If the app uses BASIC auth then check for the above files. If your using JAAS then it's a whole nother can of worms. [ March 15, 2006: Message edited by: graham king ]