I'll be very interested to here the outcome...
Thanks
Martin
-Original Message-
From: Pady Srinivasan [mailto:[EMAIL PROTECTED]
Sent: 26 March 2004 16:07
To: Struts Users Mailing List
Subject: RE: How does ActionForm data pass through container called form
based login page?
We
If ( !loggedIn ) {
// save all parameters to session
// save current URI as REDIRECT_URI in session
// redirect to login action
} else if ( redirectUriIsSet ) {
RedirectServletRequest newreq = new
RedirectServletRequest(re
I think I need to do some simple test cases - with and without struts.
Martin
-Original Message-
From: Joe Germuska [mailto:[EMAIL PROTECTED]
Sent: 26 March 2004 15:20
To: Struts Users Mailing List
Subject: RE: How does ActionForm data pass through container called form
based login page
rs Mailing List
Subject: RE: How does ActionForm data pass through container called form
based login page?
This is the only solution I can think of:
public class RedirectServletRequest extends HttpServletRequest {
public RedirectServletRequest(HttpServletRequest req) {
thi
I might be able to put some general code in the login form (as a jsp)
that puts all form data present in the previous page into the login form
so it could be passed on, but that will still leave the problem of the
method becomes GET instead of POST.
I'm really hoping there's a mo
arameters to session
// save current URI as REDIRECT_URI in session
// redirect to login action
}
}
public class LoginAction extends Action {
public void execute(...) {
// do login
// login success
// redi
Hi Joe,
I might be able to put some general code in the login form (as a jsp)
that puts all form data present in the previous page into the login form
so it could be passed on, but that will still leave the problem of the
method becomes GET instead of POST.
I'm really hoping there
At 1:59 PM + 3/26/04, Martin Alley wrote:
Well I've just simplified by login form - plain html - no struts stuff
going on.
I've also simplified the filter so detects a fresh logon and starts a
session accordingly - no longer any redirecting to LoginAction.
However the critical be
Well I've just simplified by login form - plain html - no struts stuff
going on.
I've also simplified the filter so detects a fresh logon and starts a
session accordingly - no longer any redirecting to LoginAction.
However the critical behaviour is still the same - existingCustomer
Hi,
Suppose I've got a web based form that posts data to an action, and I
have that action protected by container form based authorization - how
does the ActionForm data get through.
I have a situation like this, and my ActionForm is empty after I've been
through the form-based login
IL PROTECTED]
> Subject: user login authentication and session timeout
>
>
> I'm looking for examples or to be pointed in the right direction on how
> to achieve the following.
> I want my users to be able to access a mojority of my pages without having
> to login, but
Hi,
You can consider the following ways:
1) You can associate an action class for the page that requires a username
and password. In that action class you can prompt for username and password.
Have a separate action class for the urls that doesn't require login.
2). Have a query s
I'm looking for examples or to be pointed in the right direction on how
to achieve the following.
I want my users to be able to access a mojority of my pages without having
to login, but if they select a specific page a small login pop-up window
would display which would require a valid user
Hello everybody,
I am porting my application from Tomcat 4.1.29 to Tomcat 5.0.18.
I have a Struts ForwardAction mapped to "/Login.do" that produces the page
with login form.
Form based authentication is set with the following fragment of the
deployment descriptor:
FORM
/Login.do
from:
FORM
.login
.loginFailed
to:
FORM
/jsp/login/login.jsp
/jsp/login/login_failed.jsp
Now when I access the test file (the one without tiles) I do get the login
form (just the form, not in my tiles).
Either way, when I access another
ent and the server.
NONE
FORM
.login
.loginFailed
appAdmin
"
My pages are defined in tiles-def.xml as:
"
"
I should note that even when I called the .jsps directly it didn't work
either.
I feel a lit
Hi,
There are many examples available on the web.
Try this http://struts.sourceforge.net/community/tutorials.html
If you mean Struts Validator plugin, I think login is not the best example
because Validator Plugins is about format of input .Validate a login
will generally access database to know
Hi,
Can anyone help me how do I validate the login user session using struts
Plugin?.Explain me with examples as I am new to struts..
Thanks in Advance..
cheers
Sudhakar
DISCLAIMER:
This message (including attachment if any) is confidential and may be privileged.
Before opening
mechanism of maybe storing ip addresses, (though
a malicious user could spoof these).
regards
Ajay
From: "Janusz Dziadon" <[EMAIL PROTECTED]>
Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
1. I was thinking on corporate solution, where any station has its own ip
(maybe from dhcp)
2. I suggested only to store IP, not to compare on next-login or permanent
block this IP. It is for future investigation only.
3. This organization may have been "yet blocked" because when has com
You could apply what I described by defining the key as username+"@"+ip
Good idea!
-Original Message-
From: Janusz Dziadon [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 4:20 PM
To: Struts Users Mailing List
Subject: Re: Login Security
I think, that you shoul
Several organizations expose the same IP address for most or all users. You'd be
blocking entire organizations because of one bad login.
--- Janusz_Dziadoñ <[EMAIL PROTECTED]> wrote:
> I think, that you should register blocked IP anyway in database. It helps to
> explain situ
kom, Jacob" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, December 16, 2003 10:46 PM
Subject: RE: Login Security
> Do a HashMap in the action:
>
> Key is username
> Value is Integer or Date
>
> If ((value =
Does that sound ok?
>
> Ciaran
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: 16 December 2003 20:46
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: Login Security
>
> Avoid the cookie solution, it's too e
Btw, remember to flush the map for that username when they are able to login
successfully.
-Original Message-
From: Hookom, Jacob [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 3:46 PM
To: Struts Users Mailing List
Subject: RE: Login Security
Do a HashMap in the action:
Key
: Tuesday, December 16, 2003 3:43 PM
To: 'Struts Users Mailing List'
Subject: RE: Login Security
I am storing the username and password in a table in a mySql database.
I think I will just add a field "last_failure" to the user table... and
after 3 unsuccessful attempts I wil
OTECTED]
Subject: RE: Login Security
Avoid the cookie solution, it's too easy for the user to bypass your
security measures and as mentioned below, this solution won't work if
the browser has disabled cookies.
Don't block IP addresses because they can be easily spoofed and
redirected
BDY.RTF
Description: RTF file
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
ssage-
From: Ciaran Hanley [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 10:55 AM
To: [EMAIL PROTECTED]
Subject: Login Security
I'm writing a web application using JSP and Struts. I want to add a
security feature to my login page where if a user has three unsuccessful
logins th
One idea
The third time the login fails, register the time for that user.
When a login gets executed, if the last registered time for the given user
is less than the time interval you want -> the login always fails.
The user must have something like:
User : id || login | passw
I'm writing a web application using JSP and Struts. I want to add a
security feature to my login page where if a user has three unsuccessful
logins they will be unable to log in for a certain period of time
afterwards. I can count the number of unsuccessful logins ok but how I'm
not s
.
...
The submission is protected by container security, i.e. the url of the
action (e.g. /submit.do ) is declared in a block
in the web.xml file:
private action
/submit.do
admin
The container (Tomcat 4.1.24) is configured to ask credentials by means
of a FORM login, i.e.:
FOR
existence of a
username/password then yes tie the PriceIndex into the Login
If the Price Index is not dependent on username/password then the PriceIndex
information cookies et al) should exist indepedently..
~my 2 cents~
-Martin
- Original Message -
From: "Jonathan Hawkins" <[EM
Howdy All,
I am writing a custom login application.
Our organization has several web applications (Struts of course!)
one of which is a shopping cart.
The current login application adds two cookies to the users browser -
one that stores a number representing a price index and the other an id
ether it was neccesary to be logged in to have permissions
to enter the requested action.
If the user was not logged in and that was a requirement for the action I
did send the user through a login page and back to the same requested
action. This meant that the parameters where send again...
I
That one is pretty simple:
- Use a GET request so the programId is part of the URL.
- Store the whole URL, including the query string.
- Redirect back to the URL (including query string) after the login.
The more difficult case is POSTed parameters that don't show up on the query
string
containing
the programId parameter should be saved, then a login
should be done - displaying a login page where the
user enters username and password and upon login
the user is redirected to the track list page.
I can manage the redirection ofcorse, but I do not know
how to store and restore the re
I have several Struts apps with a form-based single signon using a JNDIRealm
with md5 passwords in openldap. I'm looking to pass username/password used
in Java login to other apps like horde, dotproject, among others for user
convenience. Sync of user account info between db stores used by
> Anyway, tried the
> ideas from this website using JBoss 3.2.1 and Struts 1.1?
There's nothing specific to Struts you need concern yourself with.
The only thing that's struts related is how you get your login
information. I've used one of 2 methods:
1. Used a login.j
I don't think that the things in this article work. For one thing, they
are using an auth.conf file and now everything for login module
configuration is stored in the login-config.xml file. Anyway, tried the
ideas from this website using JBoss 3.2.1 and Struts 1.1?
Keith
On Mon, 2003-09-
http://www.theserverside.com/resources/article.jsp?l=JAAS
-Original Message-
From: Keith Pemberton [mailto:[EMAIL PROTECTED]
Sent: Sunday, September 21, 2003 11:50 PM
To: [EMAIL PROTECTED]
Subject: JAAS Login using LoginAction...
I'm having a bit of trouble trying to login
authentication, there is no need for
struts to do anything. Struts only ever receives authenticated requests
since tomcat sorts that out before letting any through.
Adam
On 09/22/2003 05:49 AM Keith Pemberton wrote:
I'm having a bit of trouble trying to login to a Database Realm that I
I'm having a bit of trouble trying to login to a Database Realm that I
have setup with JBoss. What I would like to do is to be able to login
to the JAAS SecurityManager using a LoginAction. How is the best way to
go about this. I have tried just doing it by calling the LoginContext
login m
D]>
Sent: Tuesday, August 26, 2003 2:52 PM
Subject: Re: login test in a jsp page - any suggestions
isn't it should be better to put his verification at actions? maybe a
common super action could validade it, but I think that the jsp should
be the last place to put it. Ideally, the js
od on your
forms.
-Richard
-Original Message-
From: David Thielen [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 26, 2003 8:03 PM
To: Struts Users Mailing List
Subject: Re: login test in a jsp page - any suggestions
How can I set things up so people can't get to a jsp page? I
I would do this using Servlet Filters.
Thanks
-- pady
[EMAIL PROTECTED]
-Original Message-
From: David Thielen [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 26, 2003 11:03 PM
To: Struts Users Mailing List
Subject: Re: login test in a jsp page - any suggestions
How can I set
dave
- Original Message -
From: "Emerson Cargnin" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, August 26, 2003 2:52 PM
Subject: Re: login test in a jsp page - any suggestions
> isn't it should be better to put his ve
I used login as a simple example. But I have another case that is not as
simple.
I have a 5 page check-out procedure. I want to set it up so that each page
will forward to the previous page if the previous page's input fields have
not been filled out yet. So each page has to do a different
mp;r;=1&w;=2
HTH,
Cezar
> -Original Message-
> From: David Thielen [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 26, 2003 4:16 PM
> To: Struts-Users
> Subject: login test in a jsp page - any suggestions
>
> Hi;
>
> I want to put a test in every jsp
isn't it should be better to put his verification at actions? maybe a
common super action could validade it, but I think that the jsp should
be the last place to put it. Ideally, the jsp's are not even exposed to
clients, making the access the view only through actions.
David Thielen wrote:
Hi;
Why not use a servlet filter ?
Thanks
-- pady
[EMAIL PROTECTED]
-Original Message-
From: David Thielen [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 26, 2003 4:16 PM
To: Struts-Users
Subject: login test in a jsp page - any suggestions
Hi;
I want to put a test in every jsp page
Hi;
I want to put a test in every jsp page to see if the user is logged in. And if not, to
forward them to login.jsp. Is there any way to do this other than putting java code in
my jsp? I'm hoping there is some struts system like .
(Yes, I can have everything be an action that does this test an
11:33 PM
> To: Struts Users Mailing List
> Subject: User authentication methods (or ways to login a user)
>
>
> Hi,
>
> I'm new to Struts and to getr used to it I developped an
> application which has to log in a user by checking records
> in a
entication:
1. session variable on user login, check the variable on each action
2. filter authentication
3. security contraints = container authentication (?)
4. using a tag in each jsp for the validation
Are there any other methods?
As for what method should one use I think depends on many fa
in field 'scope' to
my own design. That way, I can have my security information available in
the struts-config.xml (or module) file(s).
Regards,
David
-Original Message-
From: Jung, Eric (Contractor) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 1:54 PM
To: Struts U
he member level allowed to use this action (feel free to use this as
a controller for a module as well. If you want a user to have multiple
levels, switch a simple int to a map, bit-mask, or other design of your
choosing.
3. All login-required actions now have a scope set to
'sco
ginal Message-
> From: Andy Richards [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 21, 2003 9:55 AM
> To: Struts Users Mailing List
> Subject: Re: login request + ActionServlet RequestProcessor Action
>
>
> Hmm
>
> Strugling a bit with this one now.?? I have ext
Hello,
I used Struts to develop a web app which has a login form to permit access
to different functionnalities via a menu page. I use a session var I set at
login to check if the user has not logged out.
The problem that I have is, once I do the logoff, if I use the Back button
of the browser to
global
exceptions in the stuts config to redirect the user to my login page (but no
joy!). Anyone have any ideas? Also what method should i override in the
RequestProcessor when handling my login?
many thanks
Andy
On Thursday 21 Aug 2003 11:40 am, Kok Wei, Koh wrote:
> Yeah you should only n
weeks back, I ran into a
problem where one of my Actions needs to extend a class to inherit some
functionality, but I was stucked because I need to extend my
"AuthenticationAction" which handles all my user login stuff.
I can't extend from 2 classes, right? I then went on
ssage-
|From: Andy Richards [mailto:[EMAIL PROTECTED]
|Sent: Thursday, August 21, 2003 2:19 PM
|To: Struts Users Mailing List
|Subject: Re: login request + ActionServlet RequestProcessor Action
|
|
|Hi
|
|After deciding which approach to take and reading a few of my struts books
|about the contr
need to extend my
> "AuthenticationAction" which handles all my user login stuff.
>
> I can't extend from 2 classes, right? I then went on to research the
> RequestProcessor. I used tiles of Struts 1.1 in my project so what I did
> was I ported the "AuthenticationAction" cod
"AuthenticationAction" which handles all my user login stuff.
I can't extend from 2 classes, right? I then went on to research the
RequestProcessor. I used tiles of Struts 1.1 in my project so what I did
was I ported the "AuthenticationAction" code to say
"AuthenticationRe
Hi
After deciding which approach to take and reading a few of my struts books
about the controller object ; ) I am now confused as which is the most
appropriate class to extend to perform my login functionality. David suggests
extending the base action class, however i have read that the
lements LoginCheck
> 3. checkLogin(request) <--- 1st line from within the execute
> or DispatchAction, or LookupDispatchAction method, etc.
>
> Regards,
> David
>
> ---Original Message---
> From: Andy Richards <[EMAIL PROTECTED]>
> Sent: 08/20/03 09:46 AM
>
ction in your
application?
-eric
-Original Message-
From: David G. Friedman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 9:42 AM
To: Struts Users Mailing List; [EMAIL PROTECTED]
Subject: Re: login request
Dear Andy,
I'm doing the same thing you suggest. My ap
n, or LookupDispatchAction method, etc.
Regards,
David
---Original Message---
From: Andy Richards <[EMAIL PROTECTED]>
Sent: 08/20/03 09:46 AM
To: [EMAIL PROTECTED]
Subject: login request
>
> Hi, i have created a form and a action which checks to see if a user
exists
in
my
ecks to see if a user exists in
> my database and if so a value object is placed into the session. What i am
> unsure of is how to a action called everytime a request is made? Can i
> configure struts-config.xml to send all requests via an acti
if this
session object exists, and if not redirect the user to the login page?
many thanks
Andy
--
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Hi,
This is my first Struts app, I have a login.jsp in which I have declared a
form tag with action as login.do and I have two buttons(a login button and a
browse button) on the page.
I have written a form bean and an action class also. While trying to access
login.jsp I get an "Internal S
probably because the error message says login
whilst your config says /Login
your config should say
From: Seshadhri Srinivasan <[EMAIL PROTECTED]>
Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
To: "'Struts Users Mailing List'" <[EMA
On Thu, 17 Jul 2003, Adam Hardy wrote:
> Date: Thu, 17 Jul 2003 11:34:49 +0200
> From: Adam Hardy <[EMAIL PROTECTED]>
> Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
> To: Struts Users Mailing List <[EMAIL PROTECTED]>
> Subject: login for half my ac
le this because it can't see the login and error pages
under WEB-INF.
The only options I think I have is (a) use html files not under WEB-INF
or (b) set up an action forward mapping to inside WEB-INF
I want to use JSPs and not just html files because I want to localise
them for language etc
In some of my action mappings I am providing XML output for anybody and
it shouldn't be protected by any web.xml security-constraint, but for
the rest, I need login security which I already have set up.
What I have come up with after a slight false start is a plan to have
all my se
PROTECTED]
Sent: Tuesday, July 15, 2003 2:42 PM
To: [EMAIL PROTECTED]
Subject: login framework
Hi,
I have a following requirement,
there are 2 links on a webpage, when the user clicks
on 1st link show the user login screen if he is not
logged in( ihave login info in session), if the login
is valid f
Hi,
I have a following requirement,
there are 2 links on a webpage, when the user clicks
on 1st link show the user login screen if he is not
logged in( ihave login info in session), if the login
is valid forward the request to 1st html page,
if the user clicks on 2nd link, again show the login
On Thu, 10 Jul 2003, Erez Efrati wrote:
> Date: Thu, 10 Jul 2003 20:29:11 +0200
> From: Erez Efrati <[EMAIL PROTECTED]>
> Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
> To: 'Struts Users Mailing List' <[EMAIL PROTECTED]>
> Subject: RE:
ECTED]
Sent: Thursday, July 10, 2003 6:27 PM
To: Struts Users Mailing List
Subject: RE: Login Form
Just need to include the relevant JBoss jar(s) on your classpath in
JBuilder... For JBoss 4 it is simply jboss.jar (found in
JBOSS_HOME/server/CONFIG/lib)
:-)
Sean
--
Dr. Sean Radford, MBBS, MSc
<[EMA
---Original Message-
> From: Erez Efrati [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 10, 2003 4:44 PM
> To: 'Struts Users Mailing List'
> Subject: RE: Login Form
>
> Thanks a lot Sean, I will try it and let you know how it works.
>
> Thanks for your great
44 PM
To: 'Struts Users Mailing List'
Subject: RE: Login Form
Thanks a lot Sean, I will try it and let you know how it works.
Thanks for your great help,
Erez
-Original Message-
From: Sean Radford [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 12:28 PM
To: Struts Use
Thanks a lot Sean, I will try it and let you know how it works.
Thanks for your great help,
Erez
-Original Message-
From: Sean Radford [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 12:28 PM
To: Struts Users Mailing List
Subject: RE: Login Form
Erez,
Things you need to do
Sean Radford [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 10, 2003 11:26 AM
> To: Struts Users Mailing List
> Subject: RE: Login Form
>
> All,
>
> Please find attached my securityfilter realm adaptor. The other code I
> was waiting for hasn't materialised, so I
?
Thanks,
Erez
-Original Message-
From: Sean Radford [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 11:26 AM
To: Struts Users Mailing List
Subject: RE: Login Form
All,
Please find attached my securityfilter realm adaptor. The other code I
was waiting for hasn't materialised,
gt;
> -Original Message-
> From: Sean Radford [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 09, 2003 11:19 AM
> To: Struts Users Mailing List
> Subject: RE: Login Form
>
> On Tue, 2003-07-08 at 20:34, Erez Efrati wrote:
> > Thanks Sean,
> >
> > I loo
Radford [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 09, 2003 11:19 AM
To: Struts Users Mailing List
Subject: RE: Login Form
On Tue, 2003-07-08 at 20:34, Erez Efrati wrote:
> Thanks Sean,
>
> I looked at it and it does avoid the BIG limitation posed by the
> standard spec in fact. St
elopment and it amazes me that such a basic
> feature is missing from the Servlet spec and is not addressed. Why is it
> that way? Is it so unusual to want to have the login fields on the start
> page??
Not unusual at all... And many Java sites have it that way, but they
don't necessaril
missing from the Servlet spec and is not addressed. Why is it
that way? Is it so unusual to want to have the login fields on the start
page??
Thanks,
Erez
-Original Message-
From: Sean Radford [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 08, 2003 8:21 PM
To: Struts Users Mailing List
Have a look at this (you may find what you want):
http://sourceforge.net/projects/securityfilter/
Sean
> -Original Message-
> From: Erez Efrati [mailto:[EMAIL PROTECTED]
> Sent: July 8, 2003 10:11 AM
> To: 'Struts Users Mailing List'
> Subject: Login Form
>
On Tue, 8 Jul 2003, Erez Efrati wrote:
> Date: Tue, 08 Jul 2003 19:03:17 +0200
> From: Erez Efrati <[EMAIL PROTECTED]>
> Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
> To: 'Struts Users Mailing List' <[EMAIL PROTECTED]>
> Subject: RE: Login
Here is the link:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg14215.html
-
Oh I thought you had trouble accessing a protected login page from a non-secure
page.
Is this what you want to do in your main page?
User ID:
Password:
And your problem is
Oh I thought you had trouble accessing a protected login page from a non-secure
page.
Is this what you want to do in your main page?
User ID:
Password:
And your problem is that you don't have control over 'my_security_check' does in
JAAS.
I found an archive mail on
Yansheng Lin, I didn't understand, sorry.
All I want to do is enable the users to login into my site from the
starting page of the web site.
Is it possible to post the a form action='j_security_check'? I mean
before accessing a protected page which the Tomcat protects and sends
Not sure if I understand it entirely. But you can use an iframe for the login
form(protected page) on the site home page. Something like:
Hope this helps.
-Original Message-
From: Erez Efrati [mailto:[EMAIL PROTECTED]
Sent: July 8, 2003 10:11 AM
To: 'Struts Users Mailing
FORM clauses inside the Web.xml file.
In my web site I want to have the site home page to have also a small
login form where the user could enter username and password and login to
the site. The home page, contains other links as well, which lead to
other parts of the site or even to external pages on
if role check fails, Struts sets HttpResponse code 400 (Bad Request)
-D
- Original Message -
From: "Adam Hardy" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Saturday, June 14, 2003 2:44 AM
Subject: Re: Login and securit
What happens if you don't put a security constraint in the web.xml, but
instead just specify a role in action in struts-config.xml?
Adam
Erik Price wrote:
You can limit the resources that are protected by container managed
authentication in the deployment descriptor. Whichever Action requires
Thanks for the replies Shunhui, Erik, Tero, and Chris. Very helpful
suggestions.
Mike
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, June 13, 2003 2:59 PM
To: [EMAIL PROTECTED]
Subject: RE: Login and security checks
Here's how I do it: use a se
[EMAIL PROTECTED] writes:
> there is definitely a need for browsing before creating a user id. How can I
> organize my webapp so that some of the content is available to anybody, but
> other parts can only be done when the user logs in? This may also be tied
> into when to use http and when to us
> How can I organize my webapp so that some of the
> content is available to anybody, but other parts
> can only be done when the user logs in?
available to anybody: http://www.example.com/yourapp/public/*
protected: http://www.example.com/yourapp/members/*
-TPP
[EMAIL PROTECTED] wrote:
I'm currently working on a web app which will be available publicly. In the
past I've secured my webapp using Tomcat's form based security. This works
fine if you require a user to log in as soon as the webapp is initiated (as
is the case with most internal web apps).
1 - 100 of 295 matches
Mail list logo