security problem

 
Ranch Hand
Posts: 152
I have developed a web application using Struts. I deployed it on Tomcat 5.5 on Red Hat Linux. The problem is that the user can go to any page without even logging in. It's like this: if he enters http://myapp:8080/login.jsp it will take him to the login.jsp page, and if he enters http://myapp:8080/xyz.jsp it also opens that page, which is wrong; it should redirect him to the login page. Only if the user is authenticated should he be able to go to that page using the proper link. How do I handle this condition? Any suggestions and hints will be greatly appreciated.
 
Greenhorn
Posts: 4
Hi!

First, you have to consider storing all JSP files inside a directory like this: /WebContent/WEB-INF/jsp/. To avoid direct requests to a JSP, you can access the JSP via an action mapping:

<action path="/viewLogin"
type="org.apache.struts.actions.ForwardAction"
parameter="/WEB-INF/jsp/login.jsp" />

or

<action path="/viewLogin"
forward="/WEB-INF/jsp/login.jsp"/>

Remember, to ensure MVC, every request must go through the request processor, and this way you can implement more complex authentication and authorization levels of security.

Second, are you using container or application-managed security? Are you using filters, custom request processor, base action or custom tag?

Check the O'Reilly Jakarta Struts Cookbook; there is a complete chapter about securing Struts applications.
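
One way to do the filter-based, application-managed check the reply asks about, as an added example that is not part of the original posts: a servlet filter that redirects any request without an authenticated session to the login action. The class name, the session attribute `authenticatedUser`, the `*.do` action mapping and the `/login.do` submit path are assumptions; only `/viewLogin` comes from the thread.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Hypothetical filter: unauthenticated requests are sent to the login action. */
public class AuthenticationFilter implements Filter {
    // Assumption: the login action sets this session attribute after a successful login.
    private static final String USER_ATTR = "authenticatedUser";
    // Assumption: Struts ActionServlet is mapped to *.do; /login.do processes the form.
    private static final String LOGIN_VIEW = "/viewLogin.do";
    private static final String LOGIN_SUBMIT = "/login.do";

    public void init(FilterConfig config) throws ServletException { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Path relative to the context root, without the query string.
        String path = request.getServletPath();
        // Allow-list: everything that is not explicitly public needs a login.
        boolean isPublic = LOGIN_VIEW.equals(path) || LOGIN_SUBMIT.equals(path);

        // getSession(false) avoids creating a session for anonymous visitors.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(USER_ATTR) != null;

        if (loggedIn || isPublic) {
            // Internal forwards to /WEB-INF/jsp/... are not re-filtered, because a
            // filter mapping without <dispatcher> applies to client requests only.
            chain.doFilter(req, res);
            return;
        }
        // Covers direct URLs such as /xyz.jsp as well as protected actions.
        String target = request.getContextPath() + LOGIN_VIEW;
        response.sendRedirect(response.encodeRedirectURL(target));
    }

    public void destroy() { }
}
```

Register the filter in web.xml with a filter-mapping of `/*` so it runs before the Struts ActionServlet. Static resources that the login page needs (CSS, images) would have to be added to the public paths.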
 