Container-Managed Security

Despot Jakim
Greenhorn

Joined: Sep 09, 2008
Posts: 2
I am trying to implement container-managed security, but the <url-pattern>/admin/*</url-pattern> doesn't work. I cannot find out why.

I am using Struts 1.3.8.
I am using modules
I am using Tiles
I am using Struts Validator
My folder structure looks like this:
WebContent/index.jsp
WebContent/employee/addEmployee.jsp
WEB-INF/struts-config-employee.xml
WEB-INF/struts-config.xml
WEB-INF/web.xml
WEB-INF/validation.xml
WEB-INF/tiles-defs.xml
I create a link in the index page and when I click on that link I should get a user/pass window, but instead Struts allows the entrance:
index.jsp:
<html:link forward="viewAddEmployee"><bean:message key="link.employee.add"/></html:link>

struts-config.xml:
<global-forwards>
  <forward name="viewAddEmployee" path="/employee/admin/viewAddSearch.do" />
</global-forwards>

struts-config-employee.xml:
<action path="/admin/viewAddSearch" forward="addEmployee.page"/>

tiles-defs.xml:
<definition name="addEmployee.page" extends="main.layout">
  <put name="title" value="ABC, Inc. Human Resources Portal - Employee Search"/>
  <put name="body" value="/employee/admin/addEmployee.jsp"/>
</definition>

web.xml:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>AdminPages</web-resource-name>
    <description>Administrator-only pages</description>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>administrator</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>SomethingRealm</realm-name>
</login-config>
<security-role>
  <description>Some Administrator</description>
  <role-name>administrator</role-name>
</security-role>

In <TOMCAT_HOME>/conf/tomcat_users.xml:
<tomcat-users>
  <role name="administrator"/>
  <user name="x" password="y" roles="administrator"/>
  <user name="xx" password="yy" roles="administrator"/>
  <user name="xxx" password="yyy" roles="employee"/>
</tomcat-users>

But when I put <url-pattern>*.do</url-pattern> it works for all action paths (since all of them end with .do). Can anyone help me with this?

Thanks in advance!
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10266
So shouldn't your url-pattern in web.xml, for restricting access, be:



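A url-pattern in a security-constraint is compared with the request path relative to the context root, starting at its first character. As an added example (not code from the thread, Struts or Tomcat), this class models the Servlet specification's matching rules for a single pattern and evaluates the thread's two patterns against the path in the global forward. The pattern /employee/admin/* is an assumption that includes the module prefix, and best-match selection across several constraints is not modelled.

```java
// Added example: models how one web.xml <url-pattern> is matched against a
// context-relative request path. Not the container's own implementation.
public class UrlPatternCheck {

    /** Returns true if the url-pattern covers the context-relative path. */
    static boolean matches(String pattern, String path) {
        if (pattern.equals("/")) {
            // Default mapping: covers any path not claimed by another pattern.
            return true;
        }
        if (pattern.endsWith("/*")) {
            // Path-prefix mapping: the path must START with the prefix.
            String prefix = pattern.substring(0, pattern.length() - 2);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        if (pattern.startsWith("*.")) {
            // Extension mapping: compare the extension of the last segment.
            String lastSegment = path.substring(path.lastIndexOf('/') + 1);
            int dot = lastSegment.lastIndexOf('.');
            return dot >= 0
                    && lastSegment.substring(dot).equals(pattern.substring(1));
        }
        // Anything else is an exact match.
        return pattern.equals(path);
    }

    public static void main(String[] args) {
        // Path taken from the thread's <global-forwards> entry.
        String requested = "/employee/admin/viewAddSearch.do";

        // The first two patterns are from the thread; the third is an
        // assumed pattern that includes the "employee" module prefix.
        String[] patterns = { "/admin/*", "*.do", "/employee/admin/*" };

        for (String pattern : patterns) {
            String verdict = matches(pattern, requested)
                    ? "constraint applies, login required"
                    : "no match, request is served without authentication";
            System.out.printf("%-20s %s%n", pattern, verdict);
        }
    }
}
```

Running the same check over every protected path in an application shows which requests fall outside all declared constraints and are therefore served without a login prompt.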