Since myaccount is not an actual resource you might try creating a jsp
called "myaccount" that simply forwards control to the controller servlet.
The security would be imposed on the jsp and in turn the controller servlet.
Robin
-----Original Message-----
From: Rhodes, Phillip C. [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 07, 2000 2:22 PM
To: JRun-Talk
Subject: JRun security and MVC don't mix.
Here is what I have found:
I have a url http://b2c.rhodepc-ws.alcoa.com/control/myaccount that needs to
be protected.
Here are the components of the URL:
http is the protocol
b2c.rhodepc-ws is the hostname
alcoa.com is the domain
control is a servlet mapping that points to "Main.jsp"
myaccount is a variable used by the controller server (the one above) to
create a page consisting of the following components:
<j2ee:Screen screen="<%=ScreenNames.MY_ACCOUNT_SCREEN%>">
<j2ee:Parameter parameter="HtmlTitle" value="Alcoa Accessory Products"
direct="true"/>
<j2ee:Parameter parameter="HtmlBanner" value="/banner.jsp"
direct="false"/>
<j2ee:Parameter parameter="HtmlBody" value="/customer/MyAccount.jsp"
direct="false"/>
<j2ee:Parameter parameter="HtmlFooter" value="/footer.jsp"
direct="false"/>
</j2ee:Screen>
I am not going to spend a lot of time explaining the j2ee custom tag. In
short, it builds the page via includes from its definition. The resultant
page is going to consist of banner.jsp, /customer/MyAccount.jsp and
footer.jsp
If I invoke my url without security on it, I see my expected page.
The URL that I use is http://b2c.rhodepc-ws.alcoa.com/control/myaccount
If I define the following url pattern, nothing happens:
<url-pattern>/control/myaccount</url-pattern> (I tried may different
combinations here)
However, this url pattern will protect the resource:
<url-pattern>/customer/*</url-pattern>
Notice that I have to put the file as it is known in the file system. I
don't like that fact that JRun won't protect my logical mappings (i.e.
/control/myaccount).
Lastly, considering that JRun won't protect my logical URL mappings, I
cannot find a work around. Even if I define the url pattern that *works*
<url-pattern>/customer/*</url-pattern>, when I enter the correct
username/password, JRun does not know where to send the authenticated user
next. For example, if I go to
http://b2c.rhodepc-ws.alcoa.com/control/myaccount and put in my username
and password, hit submit, I am taken to
http://b2c.rhodepc-ws.alcoa.com/control/, not to
http://b2c.rhodepc-ws.alcoa.com/control/myaccount
If anyone has any thoughts on how to get around this, I would appreciate
them!
Thanks.
Phillip Rhodes
[EMAIL PROTECTED]
Alcoa eCommerce
https://www.ALCOADIRECT.COM
826B Two Allegheny Center Pittsburgh, PA 15212
(412) 553-4900 (phone) (412) 553-2484 (fax)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Your ad could be here. Monies from ads go to support these lists and provide
more resources for the community. http://www.fusionauthority.com/ads.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Your ad could be here. Monies from ads go to support these lists and provide more
resources for the community. http://www.fusionauthority.com/ads.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
