Ho-Ki Au wrote: > I read in the mail archive that it was possible to apply container managed > security on struts action. Can someone give me an example on how this can > be done? > I have a servlet-mapping like this: > <servlet-mapping> > <servlet-name>action</servlet-name> > <url-pattern>*.do</url-pattern> > </servlet-mapping> > > and I would like to trigger a container-managed login whenever an action is > done. Please help. > -hoki >
Hoki, The key thing to understand is that struts actions invoked by URL's can be protected like any other URL resource using container-managed security. Check out http://jakarta.apache.org/tomcat/tomcat-4.0-doc/realm-howto.html for a nice description of how to set up container-managed security using Tomcat 4.0. Here is a very simple example using struts 1.02. In this example, actions requiring authentication have /a/ at the start of their paths, others do not. The URL request to the protected resource forces a login. The constraint below forces *everything* (including HTML pages, jsps) down the /a/ path to be authenticated. If you want to protect just the actions, you need to modify the security constraint. In web.xml: <!-- Security Constraints --> <security-constraint> <web-resource-collection> <web-resource-name>Secure Area</web-resource-name> <url-pattern>/a/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>administrator</role-name> <role-name>reader</role-name> </auth-constraint> </security-constraint> In struts-config: <!-- Register reader **non-authenticated action** --> <action path="/register" type="com.steitz.library.SaveReaderAction" name="readerForm" scope="request" input="/Register.jsp"> <forward name="success" path="/welcome.html"/> <forward name="error" path="/registrationError.jsp"/> <forward name="cancel" path="/registrationCancel.jsp"/>ls </action> <!-- Edit book (Update or Create) **action requires authentication** --> <action path="/a/editBook" type="com.steitz.library.EditBookAction" name="bookForm" scope="request" input="/a/book.jsp" validate="false"> <forward name="success" path="/a/editBook.jsp"/> </action> hth, Phil > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

