Hi All,

My application is developed using the Struts framework. It takes a user id and password at the time of login and goes to the next page. I am using method="POST" when I am invoking the action class, as below.

    <html:form action="/login.do" method="POST">

Basically I don't have any problem when I am logging in after giving the user id and password. But I have security concerns when I send the user id and password in the URL, as below:

    http://localhost:8080/SecurityTest/login.do?userId=sss&password=sss&step=Login

Using the above URL in the browser successfully takes me to the next page. Can anyone please help me? How do I protect the application in this scenario?

I tried to solve this issue by defining security constraints in the web.xml file, as below:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Protected Area with GET</web-resource-name>
        <url-pattern>*/login.do</url-pattern>
        <http-method>GET</http-method>
      </web-resource-collection>
      <auth-constraint/>
    </security-constraint>

One more thing: I should not put restrictions on the other GET methods in the rest of the application. I should only restrict at the time of logging in. I know the url-pattern that I am using may resolve this issue. But what is the correct pattern I have to use? Please help me.

Thanks
Raj
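An added example, not part of the original message: the same constraint written with a url-pattern form the Servlet specification defines. It assumes the login action is reached at /login.do relative to the context root, as in the URL quoted in the post.

```xml
<!-- Added example for web.xml. Assumption: the Struts login action is
     mapped at /login.do under the application's context root
     (/SecurityTest in the post). -->

<!-- The Servlet specification defines only these url-pattern forms:
       /exact/path   exact match
       /prefix/*     path-prefix match
       *.ext         extension match
       /             default servlet
     "*/login.do" is none of these. Patterns are matched relative to the
     context root, so the exact-match form "/login.do" names the login
     action and nothing else. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Login action, GET denied</web-resource-name>
    <url-pattern>/login.do</url-pattern>
    <!-- Only GET is covered by this constraint. POST to /login.do, and
         GET to every other URL in the application, stay unconstrained. -->
    <http-method>GET</http-method>
  </web-resource-collection>
  <!-- An auth-constraint with no role-name grants access to no one, so
       the container rejects the request before Struts populates the
       form bean from the query string. -->
  <auth-constraint/>
</security-constraint>

<!-- On a Servlet 3.0 or later container, replacing the http-method line
     with
       <http-method-omission>POST</http-method-omission>
     denies every method except POST on /login.do. -->
```

With this in place the container should answer a GET such as /login.do?userId=...&password=... with 403 Forbidden, while the form's POST still reaches the action.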
