• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Container-Managed Security

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am trying to implement a container-managed security. But the <url-pattern>/admin/*</url-pattern> doesn't work. I cannot find out why.

I am using Struts 1.3.8.
I am using modules
I am using Tiles
I am using Struts Validator
My folder structure looks like this:
WebContent/index.jsp
WebContent/employee/addEmployee.jsp
WEB-INF/struts-config-employee.xml
WEB-INF/struts-config.xml
WEB-INF/web.xml
WEB-INF/validation.xml
WEB-INF/tiles-defs.xml
<p>
I create a link in the index page and when I click on that link I shlould get a user/pass window, but instead Struts allows the entrance:
index.jsp:
• <html:link forward="viewAddEmployee"><bean:message key="link.employee.add"/></html:link>

struts-config.xml:
<global-forwards>
<forward name="viewAddEmployee" path="/employee/admin/viewAddSearch.do" />
</global-forwards>

struts-config-employee.xml:
<action path="/admin/viewAddSearch" forward="addEmployee.page"/>

tiles-defs.xml:
<definition name="addEmployee.page" extends="main.layout">
<put name="title" value="ABC, Inc. Human Resources Portal - Employee Search"/>
<put name="body" value="/employee/admin/addEmployee.jsp"/>
</definition>

web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>AdminPages</web-resource-name>
<description>Administrator-only pages</description>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>administrator</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>SomethingRealm</realm-name>
</login-config>
<security-role>
<description>Some Administrator</description>
<role-name>administrator</role-name>
</security-role>

In TOMCAT_HOME>/conf/tomcat_users.xml:
<tomcat-users>
<role name="administrator"/>
<user name="x" password="y" roles="administrator"/>
<user name="xx" password="yy" roles="administrator"/>
<user name="xxx" password="yyy" roles="employee"/>
</tomcat-users>

But when I put <url-pattern>*.do</url-pattern> it works for all action paths (since all of them end with .do). Can anyone help me with this?

Thanks in advance!
 
Sheriff
Posts: 10445
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


So shouldn't your url-pattern in web.xml, for restricting access, be:

reply
    Bookmark Topic Watch Topic
  • New Topic