Why would your login action have a role associated with it?! ... isn't executing that action where you determine the role? I ... think ... that might be your problem. See - until a person is authenticated there is no principal. Until you have a principal, you don't have the associated role information loaded. Until you have the associated roles loaded, you can't very well use it as criteria ...
Maybe I missed something in earlier banter on this topic.

Regards,
Eddie

Michael wrote:

>>You will most likely want to use a <security-constraint> and an
>><auth-method> in your web.xml file if you want the container to
>>authenticate users automatically.  The "roles" attribute in
>>struts-config.xml lets you impose additional restrictions above and
>>beyond whatever is set up in web.xml, but doesn't have any way to
>>trigger authentication in the first place.
>
>I do in fact have this in my web.xml file. In fact for the test1.jsp
>it's working properly. So after this I add the "roles" to the action
>but the action gives me the error..
>
>Web.xml
>
>  <security-constraint>
>    <web-resource-collection>
>      <web-resource-name>Test 1</web-resource-name>
>      <url-pattern>/test1.jsp</url-pattern>
>      <http-method>GET</http-method>
>      <http-method>POST</http-method>
>    </web-resource-collection>
>    <auth-constraint>
>      <role-name>idtect_readonly</role-name>
>    </auth-constraint>
>  </security-constraint>
>  <login-config>
>    <auth-method>BASIC</auth-method>
>    <realm-name>Idtect OEM Server</realm-name>
>  </login-config>
>
>  <security-role>
>    <role-name>idtect_readonly</role-name>
>  </security-role>
>
>Struts_config.xml
>
><!-- Process a user logon -->
><action path="/login"
>        type="com.idtect.oemserver.web.LoginAction"
>        name="loginForm"
>        scope="request"
>        input="/login.jsp"
>        roles="idtect_readonly">
>
>I get the following error:
>
>HTTP Status 400 - User is not authorized to access action /login
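
The ordering discussed in this thread, as an added example that is not part of the original messages and is not Struts or container source: a simplified Java model of why a "roles" attribute on an action outside any security-constraint always fails. The request path /login.do and all class and method names are assumptions made for illustration.

```java
import java.util.*;

// Simplified model (not Struts or container source) of the two checks in this thread.
// The "/login.do" request path is an assumption; the thread only gives the action path "/login".
public class RolesCheckDemo {
    // Container side: only URLs matched by a <security-constraint> trigger authentication.
    static final Set<String> CONSTRAINED_URLS = new HashSet<>(List.of("/test1.jsp"));

    // Minimal stand-in for HttpServletRequest: roles stay empty until the container authenticates.
    static class Request {
        final String url;
        final Set<String> roles = new HashSet<>();
        Request(String url) { this.url = url; }
        boolean isUserInRole(String role) { return roles.contains(role); }
    }

    // Container step: run BASIC auth only for constrained URLs, then load the user's roles.
    static void containerAuthenticate(Request req, Set<String> rolesAfterLogin) {
        if (CONSTRAINED_URLS.contains(req.url)) {
            req.roles.addAll(rolesAfterLogin);
        }
    }

    // Framework step: the action's "roles" attribute is only a lookup; it never prompts for credentials.
    static int checkActionRoles(Request req, String[] actionRoles) {
        if (actionRoles.length == 0) return 200;   // no roles attribute: no extra restriction
        for (String role : actionRoles) {
            if (req.isUserInRole(role)) return 200;
        }
        return 400; // status reported in the thread: "User is not authorized to access action"
    }

    public static void main(String[] args) {
        Set<String> userRoles = Set.of("idtect_readonly");
        String[] loginRoles = {"idtect_readonly"};

        Request login = new Request("/login.do");
        containerAuthenticate(login, userRoles);   // URL not constrained, so no principal is set
        System.out.println("/login.do with roles attribute: " + checkActionRoles(login, loginRoles));
        System.out.println("/login.do without roles attribute: " + checkActionRoles(login, new String[0]));

        CONSTRAINED_URLS.add("/login.do");         // alternative: cover the action URL in web.xml
        Request covered = new Request("/login.do");
        containerAuthenticate(covered, userRoles);
        System.out.println("/login.do under a security-constraint: " + checkActionRoles(covered, loginRoles));
    }
}
```

The first case reproduces the error from the thread; the other two show the two ways out it points to, dropping "roles" from the login action or placing the action's URL under a container security-constraint so a principal exists before the role check runs.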