Re: Login and security checks

2003-06-14 Thread Adam Hardy
What happens if you don't put a security constraint in the web.xml, but instead just specify a role in action in struts-config.xml? Adam Erik Price wrote: You can limit the resources that are protected by container managed authentication in the deployment descriptor. Whichever Action requires

Re: Login and security checks

2003-06-14 Thread Dan Tran
if role check fails, Struts sets HttpResponse code 400 (Bad Request) -D - Original Message - From: Adam Hardy [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Saturday, June 14, 2003 2:44 AM Subject: Re: Login and security checks What happens if you don't put

Login and security checks

2003-06-13 Thread mike . witt
I'm currently working on a web app which will be available publicly. In the past I've secured my webapp using Tomcat's form based security. This works fine if you require a user to log in as soon as the webapp is initiated (as is the case with most internal web apps). However, with my current

RE: Login and security checks

2003-06-13 Thread szhu
to the login page. Shunhui -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2003 11:52 AM To: [EMAIL PROTECTED] Subject: Login and security checks I'm currently working on a web app which will be available publicly. In the past I've secured my

Re: Login and security checks

2003-06-13 Thread Erik Price
[EMAIL PROTECTED] wrote: I'm currently working on a web app which will be available publicly. In the past I've secured my webapp using Tomcat's form based security. This works fine if you require a user to log in as soon as the webapp is initiated (as is the case with most internal web apps).

RE: Login and security checks

2003-06-13 Thread Paananen, Tero
How can I organize my webapp so that some of the content is available to anybody, but other parts can only be done when the user logs in? available to anybody: http://www.example.com/yourapp/public/* protected: http://www.example.com/yourapp/members/* -TPP

Re: Login and security checks

2003-06-13 Thread Chris Halverson
[EMAIL PROTECTED] writes: there is definitely a need for browsing before creating a user id. How can I organize my webapp so that some of the content is available to anybody, but other parts can only be done when the user logs in? This may also be tied into when to use http and when to use

RE: Login and security checks

2003-06-13 Thread mike . witt
Thanks for the replies Shunhui, Erik, Tero, and Chris. Very helpful suggestions. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2003 2:59 PM To: [EMAIL PROTECTED] Subject: RE: Login and security checks Here's how I do it: use a servlet