• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

Container-Managed Security

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am trying to implement a container-managed security. But the <url-pattern>/admin/*</url-pattern> doesn't work. I cannot find out why.

I am using Struts 1.3.8.
I am using modules
I am using Tiles
I am using Struts Validator
My folder structure looks like this:
WebContent/index.jsp
WebContent/employee/addEmployee.jsp
WEB-INF/struts-config-employee.xml
WEB-INF/struts-config.xml
WEB-INF/web.xml
WEB-INF/validation.xml
WEB-INF/tiles-defs.xml
<p>
I create a link in the index page and when I click on that link I shlould get a user/pass window, but instead Struts allows the entrance:
index.jsp:
• <html:link forward="viewAddEmployee"><bean:message key="link.employee.add"/></html:link>

struts-config.xml:
<global-forwards>
<forward name="viewAddEmployee" path="/employee/admin/viewAddSearch.do" />
</global-forwards>

struts-config-employee.xml:
<action path="/admin/viewAddSearch" forward="addEmployee.page"/>

tiles-defs.xml:
<definition name="addEmployee.page" extends="main.layout">
<put name="title" value="ABC, Inc. Human Resources Portal - Employee Search"/>
<put name="body" value="/employee/admin/addEmployee.jsp"/>
</definition>

web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>AdminPages</web-resource-name>
<description>Administrator-only pages</description>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>administrator</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>SomethingRealm</realm-name>
</login-config>
<security-role>
<description>Some Administrator</description>
<role-name>administrator</role-name>
</security-role>

In TOMCAT_HOME>/conf/tomcat_users.xml:
<tomcat-users>
<role name="administrator"/>
<user name="x" password="y" roles="administrator"/>
<user name="xx" password="yy" roles="administrator"/>
<user name="xxx" password="yyy" roles="employee"/>
</tomcat-users>

But when I put <url-pattern>*.do</url-pattern> it works for all action paths (since all of them end with .do). Can anyone help me with this?

Thanks in advance!
 
Sheriff
Posts: 10445
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


So shouldn't your url-pattern in web.xml, for restricting access, be:

 
money grubbing section goes here:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic