Hi balak31,
I've run into the exact same issue and I'm wondering if you were ever able
to find a work-around? It seems that it's impossible to get any user
credentials while in a filter... I've had no issues gathering the data in a
servlet.
Similar to your situation, I urgently need a resonse!
Any guidance would be greatly appreciated!
Thanks,
Matt
balak31 wrote:
>
> Hi ,
>
> I am newbie to Struts2. I have the following issue while configuring the
> container managed security in Struts2 with Websphere Application Server
> 6.1. ..Need urgent assistance Please...
>
>
>
> Issue:
> --------
> I want to secure my web application using Container managed security by
> using Websphere Application Server6.1. Secured all the URLs by placing a
> security constraint and map the relevant users/groups in my web.xml.But
> the security credentials are not propagated to the LoginAction class.when
> i print the request.getRemoteUser() it gives null.Where as the same works
> 100% fine in TOMCAT server.
>
>
> Entries in web.xml
> ------------------
>
> <filter>
> <filter-name>struts</filter-name>
>
> <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
>
> </filter>
>
> <filter-mapping>
> <filter-name>struts</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
>
>
> <security-constraint>
> <display-name>
> secconst12</display-name>
> <web-resource-collection>
> <web-resource-name>secweb1234</web-resource-name>
> <url-pattern>*.action</url-pattern>
> <url-pattern>/*</url-pattern>
> <url-pattern>*</url-pattern>
> <http-method>GET</http-method>
> <http-method>PUT</http-method>
> <http-method>HEAD</http-method>
> <http-method>TRACE</http-method>
> <http-method>POST</http-method>
> <http-method>DELETE</http-method>
> <http-method>OPTIONS</http-method>
> </web-resource-collection>
> <auth-constraint>
> <description>
> secAuthConst12</description>
> <role-name>secrole12</role-name>
> </auth-constraint>
> </security-constraint>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>DirRealm</realm-name>
> </login-config>
> <security-role>
> <role-name>secrole12</role-name>
> </security-role>
>
>
> Entries in struts.xml
> ---------------------
> <struts>
> <!-- Include webwork default (from the Struts JAR). -->
> <include file="struts-default.xml"/>
>
> <package name="default" extends="struts-default">
>
> <action name="login" class="com.xxx.xxx.action.LoginAction" >
> <result name="load" >success.jsp</result>
> </action>
> </package>
> </struts>
>
> LoginAction.java
> ----------------
>
> public class LoginAction
> {
>
> ...........
> ...........
> ...........
>
> public String execute()
> {
>
> HttpServletRequest request = ServletActionContext.getRequest();
> System.out.println("req.getRemoteUser() : " +
> request.getRemoteUser());
> // Prints null
> System.out.println("username : " +
> request.getParameter("userName"));
>
> return "load";
> }
>
> }
>
>
> Below are the approaches what i've tried so far:
> -----------------------------------------------
> Approach 1:
> Converted the Same application to Struts1.2 and deployed it in Websphere
> Application Server 6.1
> Output:
> It works fine.Can able to get the remoteUser using request.getRemoteUser()
>
> Approach 2:
> Deployed the same struts2 application in ApacheTomcat 6.0.14
> Output:
> It works fine.Can able to get the remoteUser using request.getRemoteUser()
>
> Approach 3:
> Deployed the same struts2 application in Websphere Application Server 6.1
> Output:
> Not able to get the remoteUser in LoginAction.It prints null.
>
>
> Am i missing anything fundamentally.Please let us know what would be
> required to be done to make it work.
>
--
View this message in context:
http://www.nabble.com/Security-credentials-are-not-propogated-to-Actionclass-in-Struts2-tp12234106p15882514.html
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
