Thanks Jason. Problem solved. Wooohooo.
Correct me if I am wrong, it looks like I am automatically logged out after
login if I do nothing after some time. How do I make session last for
duration of browser life or till user logs out explicitly?

Also found out that I don't need a separate login form for each
different user. 1 login form for all users is allowed. duuhh me.

I don't quite see the need to define restricted URL in
securityfilter-config.xml as

   <security-constraint>
      <web-resource-collection>
         <web-resource-name>Admin Page</web-resource-name>
         <url-pattern>/admin/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
         <role-name>admin</role-name>
      </auth-constraint>
   </security-constraint>

if I simply add roles attribute in action mapping of struts-config.xml.
All my restricted action mapping has user roles attribute rather than
using path attribute e.g. path="admin/bla". I hope that is not bad
practice.

Also, it looks like there is no way to use client/server side struts
validation to convey error message on login form. E.g. password is
incorrect.

----- Original Message -----
From: "Jason Lea" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, August 31, 2004 1:06 PM
Subject: Re: SecurityFilter Question?

> struts Dude wrote:
>
> >>You don't have to use a filter though, you could make a base action that
> >>puts the bean into session and have all your actions sub-class that
> >>one.
> >>
> >
> >Using action to put bean in Session after SecurityFilter, how is that
> >possible when after authentication by SecurityFilter, u taken right
> >back to /user/abc.do where u 1st request it and doesn't pass
> >through to action attribute as specified in action-mapping of
> >struts-config.xml?
> >
>
> you create a base class like
>
> public class BaseAction extends Action {
>     public ActionForward execute(...){
>         ... do stuff that every action needs, eg checking for/putting
>         user bean in session
>     }
> }
>
> Then your other actions do something like this
>
> public class MyFirstAction extends BaseAction {
>     public ActionForward execute(...){
>         super.execute(...);
>
>         ... do whatever your action does
>     }
> }
>
> This way, the piece of code that you want every action to execute is in
> one place.
>
> >I have tried to use action, after authentication, I am indeed taken
> >back to the page /admin/logon.do or /user/logon.do and got
> >error message in browser:
> >
> >HTTP Status 400 - Invalid path /admin/Logon was requested
> >
> >message Invalid path /admin/Logon was requested
> >
> >description The request sent by the client was syntactically incorrect
> >(Invalid path /admin/Logon was requested).
> >
>
> Is that the url you tried to access or was it something in the
> securityfilter-config.xml? Whatever it is, it's missing the .do at the
> end eg /admin/Logon.do.
> But if it is in the securityfilter-config.xml as a login form then it is
> wrong, as only administrators can access /admin/*
>
> >-------------
> >
> >My action mapping is struts-conf.xml
> >
> >Both
> >
> >    <action
> >      path="/admin/Logon.do"
> >      type="org.apache.struts.actions.ForwardAction"
> >      parameter="LogAction.do?action=logon"/>
> >
> >    <action
> >      path="/user/Logon.do"
> >      type="org.apache.struts.actions.ForwardAction"
> >      parameter="LogAction.do?action=logon"/>
> >
> ><!--
> >My LogAction extends DispatchAction and will try
> >to put User bean in session. -->
> >
> >or
> >
> >    <action
> >      path="/admin/Logon.do"
> >      type="org.apache.struts.actions.ForwardAction"
> >      parameter="Welcome.do"/>
> >    <action
> >      path="/user/Logon.do"
> >      type="org.apache.struts.actions.ForwardAction"
> >      parameter="Welcome.do"/>
> >
> >won't work.
> >
> >-----------------------
> >
> >BTW, how wud u use html:form to display
> >login fields?
> >
> >I can't get struts tag to work with login fields
> >except for using things like:
> >
> ><form action="j_security_check" method="POST">
> >   Username: <input type="text" name="j_username"><p>
> >   Password: <input type="password" name="j_password"><p>
> >   <input type="Submit">
> >
> ></form>
> >
>
> Don't know about html:form - i use something like you have done.
>
> >------------------
> >
> >Ok, using filter (as u said) after SecurityFilter wud solve this simply but
> >I like to stick with pure Struts approach if possible.
> >
>
> Struts is still happy to use filters - it was created before filters
> existed. It really comes down to what you are happy with and what level
> of container you want your app to work with.
>
> >Thanks
> >
> >>Jason Lea
> >>
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
> --
> Jason Lea
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
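
The base-action idea from the quoted reply, written out for Struts 1.x as an added example (not code from this thread, Struts or SecurityFilter). It makes execute() final so a subclass cannot skip the shared check; UserBean, the "user" session key and the "login" forward are hypothetical names, and it assumes SecurityFilter's request wrapper supplies getRemoteUser().

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

/** Base class for every protected action. */
public abstract class BaseAction extends Action {

    // Hypothetical session key, chosen for this example.
    public static final String USER_KEY = "user";

    /** Final: subclasses cannot bypass the check by forgetting super.execute(). */
    public final ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception {
        // Assumption: SecurityFilter has wrapped the request, so this is the
        // authenticated user name, or null when nobody is logged in.
        String username = request.getRemoteUser();
        if (username == null) {
            // Fail closed. "login" is a hypothetical global forward.
            return mapping.findForward("login");
        }
        HttpSession session = request.getSession();
        UserBean user = (UserBean) session.getAttribute(USER_KEY);
        // Rebuild the bean if it is missing or belongs to a previous login.
        if (user == null || !username.equals(user.getUsername())) {
            session.setAttribute(USER_KEY, new UserBean(username));
        }
        return doExecute(mapping, form, request, response);
    }

    /** Subclasses implement this instead of overriding execute(). */
    protected abstract ActionForward doExecute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception;
}

/** Hypothetical user bean; a real one would carry profile data. */
class UserBean implements java.io.Serializable {
    private final String username;
    UserBean(String username) { this.username = username; }
    public String getUsername() { return username; }
}
```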