So, just to double-check these things...
dbopsAction.java has package ecapp; at the top, and you compiled that
version to get the dbopsAction.class file in WEB-INF/classes/ecapp.
I see your struts-config.xml and that looks right.
You made a request for
Try mailing to:
[EMAIL PROTECTED]
The mailto: prefix turns it into a click-able link on many mail clients, but
is not itself a part of the address. I am not sure if that is your problem,
but it struck me as a possibility from your message.
-Max
- Original Message -
From: Charles(Chen)
Craig,
True indeed, and I have info about that on the project home page.
SecurityFilter does not work with EJBs. I am looking into making it work,
but your application code would have to pass the Principal into the call
programmatically (and thus would not be the same as it would be for
Michael,
Have you tried accessing /test1.jsp first to get authenticated?
The 400 error indicates that the resource was not found. 403 is the error
code for not authorized. I have noticed that you can get 400 errors if
there is a FileNotFoundException thrown while handling the request, even if
Thanks for the info, Craig.
It looks like SecurityFilter won't work with EJB apps, now or in the future,
with current server implementations.
My feedback about what I find lacking in current container managed security
are these items:
1) The inability to submit unsolicited login requests (when
Michael,
I am glad you got it working.
I am not sure how much value the roles attribute for an
action has if it can't invoke the authentication sequence
(i.e. send you to the login page, and get you back to your
original request). It seems you would have to duplicate the
I assumed
:46 PM
To: 'Struts Users Mailing List'
Subject: RE: Container-managed authentication not possible
You may want to take a look at the SecurityFilter project on
SourceForge.net
by Max Cooper. Summary form site:
SecurityFilter is a Java Servlet Filter that mimics the behavior and
configuration
Elderclei,
Todd mentioned my SecurityFilter project as a possible alternative for you,
and I enourage you to try it. Not having access to the server configuration
is one of the particular situations in which I thought it would be useful.
-Max
http://www.securityfilter.org/
- Original
not possible
Max,
Have you considered using JAAS for authentication? Why or why not?
Thanks,
Troy
On Wed, 2002-08-21 at 14:13, Max Cooper wrote:
Elderclei,
Todd mentioned my SecurityFilter project as a possible alternative for
you,
and I enourage you to try it. Not having access
Mike,
If you don't know what the parameters are when you have the opportunity to
write the link URL, that means you need the user to submit the form. You
could have them submit the form directly to the other domain. If you need to
see their choices first, you could do your processing and then
Mike,
The redirect will make the user's browser issue the request directly, which
may be important if they are logged in or simply have session data there.
Redirects are easy to code and will reduce the network load on your server.
Unless you have a really good reason to use a URLConnection, the
I don't know quite what will happen for you, but if you can stand adding
them one at a time, or inspecting what properties get set on your form
submittals (and which don't), you might have to plow through it that way.
This does remind me of an idea I had while working on a couple of pages. I
Edits? I would think Edits and Adds are the two operations where validation
would be most important. Please clarify.
-Max
- Original Message -
From: Bill Blackmon [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Friday, August 16, 2002 6:11 PM
Subject: multiple
SecurityFilter is a Java Servlet Filter that mimics container managed
security, with several development and deployment advantages.
Please see the project home page for SecurityFilter information:
http://securityfilter.sourceforge.net
This new release adds http-method element and Servlet
JiRong,
I wrote a Filter to mimic container-managed security (with some help from
this list) named 'securityfilter' that has a very simple realm interface and
can be deployed inside a web app with no realm setup on the server. The
config file uses the same syntax as web.xml for the security
I posted about it on this list and some of you expressed interest, so I
wanted to let you know that the first public release of the securityfilter
project is now available for download. This is a filter that mimics
container-based security but allows you to have a login form on every page
or
Ryan,
I have written just such a filter and I plan to release it in the next week
or two. It will be free to use and will include source code if you want to
modify it. It mimics container-managed security (which I also like for
various reasons). It wraps the request to give proper responses to
Hello again Mete, ;-)
I like this stuff. It's like a puzzle.
Basically I made my welcome-page a dummy page that
redirects the request to /login.do. I made /login.do a
protected resource and what is ironic is that I made
my home page the login page !! (in login-config).
This kinda turns
/Container-Managed Authentication Question
Subject: Re: Struts/Container-Managed Authentication Question
From: Torgeir Veimo [EMAIL PROTECTED]
===
Max Cooper wrote:
If you can live with a short-term compromise of having a login link on
every
page rather than a login form, the first design
Hello Mete,
One thing that you cannot do with container-managed
security is direct the
users to the login form page to force them to login.
As an alternative, you
can protect a page and send users there, so the
container will send them
through the login form. For instance, if your
You can't mix a string and a %= % in an attribute value. It has to be one
or the other. I know, it seems weird, but try it and you'll see.
You should be able to do one of these instead:
% String idValue = multiValue + String.valueOf(index); %
td ID=%=idValue%
or
td ID='%=(multiValue +
Mete,
With contained-managed security, you have to let the container process the
login form submittal (j_security_check). There is no method you can call to
process the login yourself. The container makes the info like the user name
and if a user is in a particular role through methods on the
- Original Message -
From: Galbreath, Mark [EMAIL PROTECTED]
To: Struts (E-mail) [EMAIL PROTECTED]
Sent: Saturday, June 22, 2002 6:33 AM
Subject: Saturday (EST) Java Trivia
1. What is the difference between a pointer and a reference?
Nothing.
2. If Java does not have pointers,
Michelle,
WebLogic 6.1 SP2 requires your use of JSP custom tags to strictly comply
with the TLD, where 5.1 was not so strict. This strictness is a really good
thing, IMHO, because it helps identify errors and such.
You can add those attributes to the TLD to fix the problem. If you haven't
Oops, oh yeah, I guess that is a problem. I don't have a good solution, but
I can think of a few things that might be worth investigation/consideration:
1. See if you can turn strict checking off in weblogic.xml
2. Add the methods you need to the tag handler classes. (sounds painful)
3. Figure
You can also setup the same image files and resource file entries, and use a
tag like this (including an internationalized ALT value):
html:img pageKey=header.image altKey=header.image.alt border=0 /
Note that the header.image value should be context-relative. Struts will add
the context path
I noticed something very strange in WL 6.1 SP2 -- it will not load jars that
have more than one dot in the name. I had to change our
jakarta-regexp-1.2.jar to jakarta-regexp-1_2.jar (got rid of the . in 1.2)
to get it to load correctly. If your struts jar is called struts-1.1.jar or
something
Annie,
Write a servlet with an init() method that initializes Torque, and specify
that this servlet should load at startup in your web.xml file. Perhaps you
could turn your existing DataModel class into a servlet for this purpose.
See the ActionServlet stuff in web.xml for how to make a servlet
Use the page attribute instead of src to have the context path prepended:
html:img page=/images/logoOnpoint.gif
-Max
- Original Message -
From: Struts Newsgroup @[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 26, 2002 11:10 AM
Subject: html:img and servlet context -
Alex,
A group of developers (including me) have done some work in this area. The
basic idea is that you indicate which Struts action mappings should be
accessed securely, and then use our extensions to various Struts tags when
you link or submit forms to them. Our extended tags recognize that
IntelliJ IDEA is the coolest thing since sliced bread!
Despite having a JBuilder license, I used to spend most of my code editing
time in TextPad because it was quick. I recently tried IntelliJ and have
completely switched over. It has some really cool features like Refactorings
(try them and
Greg,
Please try setting the redirect attribute of your success action forward to
true in the struts-config.xml file, like so:
forward name=success path=/mainPage.do redirect=true /
I'm going to try out this scenario and report back with any additional tips
that I can think of.
-Max
-
Frédéric,
If the query string is different between the two requests, it is not likely
to be a page caching problem. The query string is part of the URL, so things
that cache pages by URL will see the two requests as two different URLs.
Try using the request scope, rather than the session scope,
Mark,
Please tell Netscape's cookie subsystem! I know they are essentially the
same, but Netscape doesn't view them that way and won't send cookies set by
https://hostname to https://hostname:443 so it does turn out to be a problem
anyway. It would be ideal if the web/app server would not mess
Nathan,
I have noticed the behavior you describe on a Struts application that I
worked on. However, I was not sure of why the :443 was added until your
post. I was thinking that it was the web server, perhaps not.
Anyway, one issue to watch out for is that Netscape considers these two URLs
to
Rob,
You are absolutely correct that that is an issue. Our proposed solution for
it is to modify (or extend until this functionality is integrated into
Struts) the Struts form tag as you suggest, so that it will compute the
right URL, which may be an absolute https URL if the target action is
Elijah,
Try giving your tag handler class a proper package name and put that in the
app.tld file.
-Max
- Original Message -
From: Elijah Jacobs [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, February 04, 2002 8:33 AM
Subject: cannot find tag library
For Expresso and Tiles, this seems to have worked for me (though I can't say
I've tested it thoroughly yet). In ExpressoActionServlet.java, change this
line:
public class ExpressoActionServlet extends ActionServlet {
to...
public class ExpressoActionServlet extends ActionComponentServlet {
Rob,
A group of developers (including me) recently proposed a Struts
change/extension to handle that very situation. The basic principle in the
proposal is that you can mark an action mapping as secure, and the
html:link tag will adjust the URL of links to that action accordingly. It
also goes
Sending a redirect to the PDF file might work better for your situation.
-Max
- Original Message -
From: Mark Woon [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Tuesday, January 29, 2002 11:28 PM
Subject: Problem With Forwarding to a non-HTML file
Hi all.
It sounds like some folks have had success with adding the parameter on the
end of the actionmapping. This makes sense to me after reading this from the
JavaDoc for RequestDispatcher.forward() -- For a RequestDispatcher obtained
via getRequestDispatcher(), the ServletRequest object has its path
I read about (but haven't yet tried) a way to set config vars in the web.xml
file and look them up with JNDI. For your examples, it might look something
like this:
web.xml code:
-
env-entry
env-entry-nameWORKING_DIR/env-entry-name
env-entry-typejava.lang.String/env-entry-type
One solution would be to use a servlet or JSP page to write out the CSV
file.
It may make sense to have one servlet generate the table, and then use two
view components (servlets or JSP) to present the data as either HTML or
CSV. This might even be a good XML application - one component
Hi Peter,
I think you might have trouble with having too many JSP tags in the page if
you employed a scheme like that. Yes, it seems a little crazy, but we have
had trouble when a page has many JSP tags (Struts or otherwise) in it. The
server would throw a cryptic exception - class verify error
Watch out for browser caching issues with a JSP stylesheet. It may be slow
to adopt new preferences because the browser is using a cached copy. Turning
caching off might hurt the performance of both the server (having to
regenerate the stylesheet for each page view) and browser (having to
201 - 245 of 245 matches
Mail list logo