Using Tomcat declarative security for my app

2004-03-24 Thread Sipe Informática
Hi! First of all, excuse my poor English... I have this problem:

My idea for securing my app was to use Tomcat, so I have two directories:
administrator and user, with their own JSPs.
In the web.xml I was intending to do this:

   <servlet-mapping>
      <servlet-name>action</servlet-name>
      <url-pattern>/administrator/*.do</url-pattern>
   </servlet-mapping>
   <servlet-mapping>
      <servlet-name>action</servlet-name>
      <url-pattern>/user/*.do</url-pattern>
   </servlet-mapping>

and protect the administrator and user directories with Tomcat:

   <security-constraint>
      <web-resource-collection>
         <web-resource-name>Menu Administrador</web-resource-name>
         <url-pattern>/administrator/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
         <role-name>administrador</role-name>
      </auth-constraint>
   </security-constraint>

   <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
         <form-login-page>/pagLogin.jsp</form-login-page>
         <form-error-page>/errorLogin.jsp</form-error-page>
      </form-login-config>
   </login-config>

But even though it seems to log in correctly, it always returns a 400
error (Invalid path) and I can't access any .do...
Is that url-pattern correct? Can I filter by /administrator/*.do? (I
have also tried /administrator/ and it returns the same message.)

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


RE: Using Tomcat declarative security for my app

2004-03-24 Thread Pady Srinivasan

1. Make sure you define a security-role element for 'administrator' in
web.xml. Also, the auth-constraint has role-name as 'administrador'. Maybe a
spelling error?
2. And the role should be defined in tomcat-users.xml also. And only the
users in this role would be allowed access.


Thanks
 
-- pady
[EMAIL PROTECTED]
 



Re: Using Tomcat declarative security for my app

2004-03-24 Thread Sipe Informática
Thanks for your help, but that is not the problem... I deleted everything
about security in my web.xml to test only the filter mapping of the
Struts action servlet:

   <servlet-mapping>
      <servlet-name>action</servlet-name>
      <url-pattern>/administrator/*.do</url-pattern>
   </servlet-mapping>

With this mapping it always returns a 400 error (Invalid Path)... I
have also tried /app/administrator/*.do, but it returns
the same error... Any idea?

Thanks ...



Re: Using Tomcat declarative security for my app

2004-03-24 Thread Mark Lowe
If you're using a javax.servlet.Filter, then:

   <filter-mapping>
      <filter-name>MyFilter</filter-name>
      <url-pattern>/administrator/*.do</url-pattern>
   </filter-mapping>

You can also map to a servlet name rather than a URL pattern, but this
seems to be what you want.



Re: Using Tomcat declarative security for my app

2004-03-24 Thread Kris Schneider
You can use either path or extension mapping, but not a combination of both. So
/administrator/* is okay and *.do is okay but /administrator/*.do is not.


-- 
Kris Schneider mailto:[EMAIL PROTECTED]
D.O.Tech   http://www.dotech.com/
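
Added example, not part of the original thread: a web.xml fragment that applies the two corrections given in the replies above (extension mapping for the servlet with path-prefix mapping for the constraint, and a declared security-role). The servlet name, role name and page paths are taken from the original post; the Servlet 2.3 element order and the default tomcat-users.xml realm are assumptions about the poster's setup.

```xml
<!-- Added example: fragments to place inside <web-app>, in DTD order. -->

<!-- Extension mapping: every request ending in .do reaches the Struts
     servlet, whatever directory it is under (/administrator/x.do too). -->
<servlet-mapping>
  <servlet-name>action</servlet-name>
  <url-pattern>*.do</url-pattern>
</servlet-mapping>

<!-- Path-prefix mapping: covers both the JSPs and the .do requests under
     /administrator/. A pattern such as /administrator/*.do is neither a
     prefix nor an extension pattern, so the container treats it as an
     exact path and real requests would fall outside the constraint.
     No http-method element is listed, so every HTTP method is covered. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Menu Administrador</web-resource-name>
    <url-pattern>/administrator/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>administrador</role-name>
  </auth-constraint>
</security-constraint>

<!-- The login and error pages sit outside /administrator/ so they stay
     reachable before authentication. -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/pagLogin.jsp</form-login-page>
    <form-error-page>/errorLogin.jsp</form-error-page>
  </form-login-config>
</login-config>

<!-- Must be spelled exactly like the role-name in auth-constraint and
     like a role granted to the user in the container's realm
     (assumed here to be the default tomcat-users.xml). -->
<security-role>
  <role-name>administrador</role-name>
</security-role>
```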




Re: Using Tomcat declarative security for my app

2004-03-24 Thread Mark Lowe
Oops..

Sorry for the dodgy info. In fact mine follow the /dir/* pattern.
