[ https://issues.apache.org/struts/browse/WW-2121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Holmes closed WW-2121.
----------------------------

    Resolution: Not A Problem

These types of questions should be asked on the Struts users mailing list:

http://struts.apache.org/mail.html

> I want to secure my web application using Container managed security by using
> Websphere Application Server 6.1. The security credentials are not propagated
> to the Filter class, whereas the same works 100% fine in TOMCAT server.
> -----------------------------------------------------------------------
>
>                 Key: WW-2121
>                 URL: https://issues.apache.org/struts/browse/WW-2121
>             Project: Struts 2
>          Issue Type: Bug
>         Environment: Websphere Application Server 6.1
> Struts 2.0.9
> Rational Application Developer 7
>            Reporter: Balamurugan
>
> Hi,
> I am a newbie to Struts2. I have the following issue while configuring the
> container managed security in Struts2 with Websphere Application Server 6.1.
> Need urgent assistance, please.
> I don't know whether this is the correct forum to post this query. If not, kindly
> let me know the correct forum where I can post.
> Issue:
> --------
> I want to secure my web application using Container managed security by
> using Websphere Application Server 6.1. Secured all the URLs by placing a
> security constraint and mapping the relevant users/groups in my web.xml. But the
> security credentials are not propagated to the Filter class, whereas the same
> works 100% fine in TOMCAT server.
> After configuring all container managed security we were able to get the
> security credentials like remoteUser in JSP. But when the form is submitted
> to the action class by having the Filter as a controller, we are not able to
> get the remoteUser by calling request.getRemoteUser() at the Action.
> What we inferred is that the UserPrincipal context in the request parameter is
> not available at the Filter.
> Below are the entries which we have in web.xml
>       <security-constraint>
>               <display-name>
>               secconst12</display-name>
>               <web-resource-collection>
>                       <web-resource-name>secweb1234</web-resource-name>
>                       <url-pattern>*.action</url-pattern>
>                       <url-pattern>/*</url-pattern>
>                       <url-pattern>*</url-pattern>
>                       <http-method>GET</http-method>
>                       <http-method>PUT</http-method>
>                       <http-method>HEAD</http-method>
>                       <http-method>TRACE</http-method>
>                       <http-method>POST</http-method>
>                       <http-method>DELETE</http-method>
>                       <http-method>OPTIONS</http-method>
>               </web-resource-collection>
>               <auth-constraint>
>                       <description>
>                       secAuthConst12</description>
>                       <role-name>secrole12</role-name>
>               </auth-constraint>
>       </security-constraint>
>       <login-config>
>               <auth-method>BASIC</auth-method>
>               <realm-name>DirRealm</realm-name>
>       </login-config>
>       <security-role>
>               <role-name>secrole12</role-name>
>       </security-role>
> Below are the steps we tried to get a basic idea. For that we wrote a sample
> Servlet and a sample Filter, configured them in our web.xml as shown below,
> and tested the application.
> Approach 1
> ----------------
> 1) Having a Servlet as a controller. (Submit the JSP form to a Servlet)
>       1) We have the following entries in web.xml
>               <servlet>
>                       <description></description>
>                       <display-name>SampleServletController</display-name>
>                       <servlet-name>SampleServletController</servlet-name>
>                       <servlet-class>com.xxx.xxx.xxx.SampleServletController</servlet-class>
>               </servlet>
>               <servlet-mapping>
>                       <servlet-name>SampleServletController</servlet-name>
>                       <url-pattern>*.action</url-pattern>
>               </servlet-mapping>
>       2) When we call request.getRemoteUser() in the servlet's doPost
> method, we are able to get the remoteUser name by calling the
> request.getRemoteUser() method.
> Output
> ----------
> This approach works fine in both Apache Tomcat 6.0.14 and Websphere
> Application Server 6.1 (i.e., we are able to get the remoteUser in the servlet's
> doPost() method).
>       
> Approach 2
> ----------------
> 2) Having a Servlet Filter as a controller. (Submit the form to a Servlet
> Filter)
>       1) We have the following entries in web.xml
>               <filter>
>                       <description></description>
>                       <display-name>SampleFilterController</display-name>
>                       <filter-name>SampleFilterController</filter-name>
>                       <filter-class>com.xxx.xxx.xxx.SampleFilterController</filter-class>
>               </filter>
>               <filter-mapping>
>                       <filter-name>SampleFilterController</filter-name>
>                       <url-pattern>*.action</url-pattern>
>               </filter-mapping>
> Output
> ---------
>       1) In Apache Tomcat 6.0.14, when we call request.getRemoteUser() in
> the Filter's doFilter() method, we got the remoteUser name.
>       2) In Websphere Application Server 6.1, when we call
> request.getRemoteUser() in the Filter's doFilter() method, we got null.
> The above scenarios clearly flag that the application works fine in TOMCAT
> and doesn't in the WebSphere Application Server when we have the Servlet
> Filter as controller. Please let us know what would be required to be done to
> make it work.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
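
An added example, not part of the original report or of Struts: a diagnostic filter for the Approach 2 test described in the quoted issue, which records what identity the container exposes to a filter mapped to *.action. The class name IdentityProbeFilter is hypothetical; the role name secrole12 is taken from the reporter's web.xml; the code assumes the javax.servlet API of that era (Servlet 2.4).

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

// Hypothetical diagnostic filter (added example, not the reporter's code).
// Map it to *.action in web.xml in place of SampleFilterController.
public class IdentityProbeFilter implements Filter {
    private FilterConfig config;

    public void init(FilterConfig config) {
        this.config = config;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            Principal p = http.getUserPrincipal();
            // Log only what the container exposes as identity. The value of the
            // Authorization header is never logged: with BASIC it is just the
            // base64-encoded user name and password.
            config.getServletContext().log("identity-probe"
                + " uri=" + http.getRequestURI()
                + " method=" + http.getMethod()
                + " authType=" + http.getAuthType()
                + " remoteUser=" + http.getRemoteUser()
                + " principal=" + (p == null ? null : p.getName())
                + " inRole(secrole12)=" + http.isUserInRole("secrole12")
                + " authHeaderPresent=" + (http.getHeader("Authorization") != null));
        }
        // Diagnostic only: the request always continues down the chain.
        chain.doFilter(req, res);
    }

    public void destroy() {
        config = null;
    }
}
```

Running the same request against both containers and comparing the log lines shows whether authType, remoteUser and principal are all null at the filter, and authHeaderPresent shows whether the client sent credentials that the container did not turn into an identity for that request.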