> news on this soon. As I
> >>> had to locate WAS L3 support in person and I
> am working with them on
> >>> this issue [though the pace is slow].
> >>>
> >>> Also keep in mind, the same issue exists on
> WAS 7.0.0.1 with a slight
> >
in person and I am working with them on
>>> this issue [though the pace is slow].
>>>
>>> Also keep in mind, the same issue exists on WAS 7.0.0.1 with a slight
>>> variation. If this is determined to be a Websphere problem with WAS 6.1.
>>> Then I have a s
only for Struts 2.1.x.
Struts 2.0.11 or 2.0.12 should be okay.
--- On Tue, 3/17/09, pblatner wrote:
> From: pblatner
> Subject: Re: Struts 2 Container Security problem
> To: user@struts.apache.org
> Received: Tuesday, March 17, 2009, 4:15 PM
>
> I don't see how this fix
t;> issue [though the pace is slow].
>>
>> Also keep in mind, the same issue exists on WAS 7.0.0.1 with a slight
>> variation. If this is determined to be a Websphere problem with WAS 6.1.
>> Then I have a stronger case to press issue for WAS 7.0.
>>
>> --- On
determined to be a Websphere problem with WAS 6.1. Then
> I have a stronger case to press issue for WAS 7.0.
>
> --- On Mon, 3/16/09, pblatner wrote:
>
>> From: pblatner
>> Subject: Re: Struts 2 Container Security problem
>> To: user@struts.apache.org
>> Receiv
issue exists on WAS 7.0.0.1 with a slight
variation. If this is determined to be a Websphere problem with WAS 6.1. Then I
have a stronger case to press issue for WAS 7.0.
--- On Mon, 3/16/09, pblatner wrote:
> From: pblatner
> Subject: Re: Struts 2 Container Security problem
>
I have tried to do the exact thing that Jeromy suggests below with 2
packages. And then in the web.xml specify a security constraint with the
URL pattern "/protected/*". After doing so, I am not getting the result
that I think I should be.
When issuing a request for my action at
"http://localho
On Wed, 2008-02-20 at 05:15 +, Kelly Graus wrote:
> Wes Wannemacher wantii.com> writes:
>
> > I'm jumping in late, so if I refer to something that came up in a
> > previous post, I apologize ahead of time. I'm guessing that you're using
> > tomcat. Tomcat is picky about certain things being
Wes Wannemacher wantii.com> writes:
> I'm jumping in late, so if I refer to something that came up in a
> previous post, I apologize ahead of time. I'm guessing that you're using
> tomcat. Tomcat is picky about certain things being actual filesystem
> resources. There are two possible solutions (
On Tue, 2008-02-19 at 17:56 -0800, Dave Newton wrote:
> --- Jeromy Evans <[EMAIL PROTECTED]> wrote:
> > Wes Wannemacher wrote:
> > > In this case a 0-byte file called login.action may do the trick. It's a
> bit
> > > of a hack, and I think when this comes up with the Tomcat peeps, they
> > > point
--- Jeromy Evans <[EMAIL PROTECTED]> wrote:
> Wes Wannemacher wrote:
> > In this case a 0-byte file called login.action may do the trick. It's a
bit
> > of a hack, and I think when this comes up with the Tomcat peeps, they
> > point to the spec.
> Excellent! I loathe using a redirect. This proba
Wes Wannemacher wrote:
On Wed, 2008-02-20 at 00:43 +, Kelly Graus wrote:
Jeromy Evans blueskyminds.com.au> writes:
[snip]
I would add a login action to the public namespace which prepares a
login page. Unfortunately I don't think the container will allow you to
specify "/login.action"
Wes Wannemacher wrote:
I'm jumping in late, so if I refer to something that came up in a
previous post, I apologize ahead of time. I'm guessing that you're using
tomcat. Tomcat is picky about certain things being actual filesystem
resources. There are two possible solutions (if I'm right about T
On Wed, 2008-02-20 at 00:43 +, Kelly Graus wrote:
> Jeromy Evans blueskyminds.com.au> writes:
[snip]
>
>
> > I would add a login action to the public namespace which prepares a
> > login page. Unfortunately I don't think the container will allow you to
> > specify "/login.action" as the
Jeromy Evans blueskyminds.com.au> writes:
>
>
> >> I would add a login action to the public namespace which prepares a
> >> login page. Unfortunately I don't think the container will allow you to
> >> specify "/login.action" as the login page though, but you can make
> >> login.jsp redirect
I would add a login action to the public namespace which prepares a
login page. Unfortunately I don't think the container will allow you to
specify "/login.action" as the login page though, but you can make
login.jsp redirect to it.
According to Practical Apache Struts 2, this should b
--- Kelly Graus <[EMAIL PROTECTED]> wrote:
> > I would add a login action to the public namespace which prepares a
> > login page. Unfortunately I don't think the container will allow you to
> > specify "/login.action" as the login page though, but you can make
> > login.jsp redirect to it.
>
Jeromy Evans blueskyminds.com.au> writes:
>
> Hi Kelly,
>
> In struts.xml, the namespace given to your package needs be in
> /protected as well.
> eg.
> Otherwise, as you've seen, it's available in the root of the
> application's context path.
>
> I usually split my struts2 application into
Hi Kelly,
In struts.xml, the namespace given to your package needs be in
/protected as well.
eg.
Otherwise, as you've seen, it's available in the root of the
application's context path.
I usually split my struts2 application into at least two packages:
...
Which then allows you to apply
Martin Gainty hotmail.com> writes:
>
> start here
> http://www.acegisecurity.org/guide/springsecurity.html
>
> M-
Thank you for the response. I looked at Acegi, but it seemed overly
complex for my requirements. This application is just a simple in
house administration tool (and learning exerci
start here
http://www.acegisecurity.org/guide/springsecurity.html
M-
- Original Message -
From: "Kelly Graus" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, February 19, 2008 12:12 PM
Subject: Struts 2 Container Security problem
> Hi Everyone,
>
> I'm attempting to secure my first Struts 2 web
21 matches
Mail list logo
