Jackie, as a BASIC authentication example for Tomcat:
1: create a new role and user in TOMCAT_HOME/conf/tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  ...
  <role rolename="helpdesk_standard"/>
  ...
  <user username="helpdesk" password="helpdesk" roles="helpdesk_standard"/>
  ...
</tomcat-users>

-----------------------------------------------------------------------

2: in the web.xml of your (Struts) web application, add the security constraints (near the end):

<!-- Define a Security Constraint on this Application -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>/oracle/apps/request</web-resource-name>
    <url-pattern>/oracle/apps/request/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>helpdesk_standard</role-name>
  </auth-constraint>
</security-constraint>

<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Oracle Apps Helpdesk Dashboard</realm-name>
</login-config>

<!-- Security roles referenced by this web application -->
<security-role>
  <description>
    The role that is required to query oracle requests information
  </description>
  <role-name>helpdesk_standard</role-name>
</security-role>

3: you can replace the standard error page with your own (below the

-----Original Message-----
From: jackie [mailto:[EMAIL PROTECTED]
Sent: Wednesday 15 September 2004 5:14
To: Struts Developers List
Subject: Container-based security

Hello Everyone,

Can anyone help me to set up a container based security in Struts application. I research that it involves using filter, then also the server authentication. Also a quote from this site, written by Ted Husted:

http://www.jguru.com/faq/view.jsp?EID=471934

"Answer

You can use either container-based security or form-based security to authenticate users. With container-based security, the Web browser will track the logins for you, and "replay" the credentials to the server whenever they are required.
If a browser hasn't been authenticated yet, it will automatically display a simple login form. If the login passes, the user's original request will proceed. This will also work properly if a user tried to POST from a form to an action URI in a protected area. Once the browser is authenticated, the POST proceeds normally.

For applications that manage their own logins, it is probably easier to insist that every single page test for an authenticated user first, and redirect to the login page if not. The Struts example application does this -- partially by use of an application-specific custom tag (app:checkLogon) that performs this check at the top of every page. The tag is application-specific, because the notion of what constitutes a "logged on user" is application specific as well. "

My project specs is, if the user is not login, then the user directly link to a certain page, then it automatically goes to a login page... I used the Struts Tags <logic:present> but then it is not very reliable and very tasky to do, and I like also to separate the View part from the Controller part. I find difficulty in setting out the filter... Also it is my first time to use an authentication Struts Web App. I am not sure what is the right filter or what kind of authentication that is appropriate in my app.

Thanks! Any help will be greatly appreciated!

Cheers,
jack

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
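
Added example, not part of the original messages and not a Tomcat tool: a small Python audit of the web.xml and tomcat-users.xml shown in the reply. It flags BASIC or FORM login on a constraint that has no CONFIDENTIAL transport-guarantee (BASIC sends the password Base64-encoded on every request, so it needs HTTPS), roles used in an auth-constraint but never declared in a security-role, and passwords that are empty or equal to the username. The audit function and the inline sample files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed inputs that mirror the configuration quoted in the message.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>/oracle/apps/request</web-resource-name>
      <url-pattern>/oracle/apps/request/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>helpdesk_standard</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>helpdesk_standard</role-name></security-role>
</web-app>"""
USERS_XML = """<tomcat-users>
  <role rolename="helpdesk_standard"/>
  <user username="helpdesk" password="helpdesk" roles="helpdesk_standard"/>
</tomcat-users>"""

def _find(root, name):
    """All elements called `name`, ignoring any XML namespace."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(root, name):
    return [(e.text or "").strip() for e in _find(root, name)]

def audit(web_xml, users_xml):
    """Return a list of findings (hypothetical helper for this example)."""
    web, users = ET.fromstring(web_xml), ET.fromstring(users_xml)
    findings = []
    method = (_texts(web, "auth-method") or ["none"])[0]
    declared = {r for sr in _find(web, "security-role") for r in _texts(sr, "role-name")}
    for sc in _find(web, "security-constraint"):
        where = ", ".join(_texts(sc, "url-pattern"))
        # BASIC and FORM put the password on the wire; require TLS for them.
        if method in ("BASIC", "FORM") and "CONFIDENTIAL" not in _texts(sc, "transport-guarantee"):
            findings.append(f"{where}: {method} login without CONFIDENTIAL transport-guarantee")
        for role in _texts(sc, "role-name"):
            if role != "*" and role not in declared:
                findings.append(f"{where}: role '{role}' has no <security-role> declaration")
    for user in _find(users, "user"):
        name, pw = user.get("username", ""), user.get("password", "")
        if not pw or pw == name:
            findings.append(f"user '{name}': password is empty or equals the username")
    return findings

if __name__ == "__main__":
    for finding in audit(WEB_XML, USERS_XML):
        print("FINDING:", finding)
```

Adding a user-data-constraint with transport-guarantee CONFIDENTIAL inside the security-constraint, and giving the user a password that differs from the username, clears both findings reported for the sample configuration.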