You probably don't need to send it to an action, you just need to render
the HTML form for authentication. So, login.jsp would suffice. As far
as s2 is concerned, authentication is completely external. The role
interceptor just uses the HttpServletRequest to obtain the roles that
the current user is logged in under.
/Ian
Piero Sartini wrote:
Hello List,
i try figuring out how security will work with struts2. I have an EJB3
application - the frontend will be written using s2.
I added the RolesInterceptor to an action:
----- code ----
<interceptor-ref name="roles">
<param name="allowedRoles">portalUser</param>
</interceptor-ref>
----- code ----
Accessing this action does give me a 403 - thats ok, because I am not logged
in. But how do I login?
My web.xml looks like that:
----- code ----
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MyCustomRealm</realm-name>
<form-login-config>
<form-login-page>/Login_input.action</form-login-page>
<form-error-page>/Login_error.action</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>registered portal user</description>
<role-name>portalUser</role-name>
</security-role>
----- code ----
is this correct? Is it even possible to use FORM-based authentication with
struts2? If not, could you please give me a hint how this will work?
Goal is that the user is presented with the login form if he is not
authenticated - if he logged in successfully within that form, the
intercepted action should continue.
Thanks in advance,
Piero
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
