wood burning stoves 2.0*
The moose likes BEA/Weblogic and the fly likes providing security to struts url through embedded ldap server Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » BEA/Weblogic
Bookmark "providing security to struts url through embedded ldap server" Watch "providing security to struts url through embedded ldap server" New topic
Author

providing security to struts url through embedded ldap server

akshay pandit
Ranch Hand

Joined: Jun 15, 2003
Posts: 44
hi to all,
The problem I'm facing is I have my application deployed in form of ear in weblogic 8.1 and we have provided security through sun one ldap server.. a particular module of the application does not need any security and also needs to communicate to external resource(ex:: somesite.com)the security definition given in web.xml is::

<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>role_name</role-name>
<role-name>role_name1</role-name>
<role-name>role_name2</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>An administrator</description>
<role-name>role_name1</role-name>
</security-role>
<security-role>
<description>An administrator</description>
<role-name>role_name</role-name>
</security-role>
but this entry in web.xml restricts the other module of my application which needs to communicate to other resource... after I have assigned "everyone" role to the module.. It's a very serious problem and I'm strugling with it for last couple of day's...
Please help me out..............!!! any suggestion and sample.. would be a great help.......

thanks in advance...!!!
waiting for reply.............

Akshay Pandit..
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: providing security to struts url through embedded ldap server
 
Similar Threads
J2EE Security
EJB and Security (JAAS)
Skipping LDAP authentication for a particular struts action
Problems with FORM Authentication
access control with realm db