wood burning stoves 2.0*
The moose likes Struts and the fly likes Exceptions to a default security-constraint Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Exceptions to a default security-constraint" Watch "Exceptions to a default security-constraint" New topic

Exceptions to a default security-constraint

Anders Sjurmann

Joined: Apr 11, 2008
Posts: 4
I’ve used Struts2 and Glassfish to create a web-app which has two user roles: user, and admin. I would like all actions to be constrained to the admin role by default, and a subset of the actions to be available to the "basic" user. I guess this can be achieved by for the admin-role. But, and here is the problem, I also have a login-action and a registration-action (register new users) which should be available for everybody, and the *-constraint will not allow this. So is there a way to create a security-constraint which applies to users that are not logged in? Is there a default user-role which applies to users that are not logged in? Or any other way to create an exception to a "default" security-constraint?

Or is the only solution to name all actions explicitly for all constraints, and leave out the register- and login-action (i.e. no "default" security-constraint)

Thanks, Anders
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
subject: Exceptions to a default security-constraint
Similar Threads
Simple form-based authentication using JAAS
weblogic 10 jaas and now what?
Using Realms for access controll with multiple roles
Security Problem
Can authentication in tomcat rely servlet name and/or querystring?