Then surely it'd work properly? If the user is logged in, the logout wont be protected and it can log them out along the way .. If they're not logged in, they'll get thrown a login screen .. Right?
>-----Original Message----- >From: Andrew Hill [mailto:[EMAIL PROTECTED]] >Sent: 23 September 2002 12:01 >To: Struts Users Mailing List >Subject: RE: How can I make my logout page not secure? > > >Perhaps his login & logout are the same action both forwarding >to the login screen, and if already logged in, logging out >along the way? > >-----Original Message----- >From: Cliff Rowley [mailto:[EMAIL PROTECTED]] >Sent: Monday, September 23, 2002 18:54 >To: 'Struts Users Mailing List' >Subject: RE: How can I make my logout page not secure? > > >Out of pure interest, why do you want logout unprotected? >People who are logged out wont need to log out, will they? > >>-----Original Message----- >>From: Michael [mailto:[EMAIL PROTECTED]] >>Sent: 23 September 2002 09:40 >>To: [EMAIL PROTECTED] >>Subject: How can I make my logout page not secure? >> >> >>I'm using J2EE container managed security (in Tomcat). I set >up a rule >>to protect all *.do actions. The problem is my logout.do is >protected >>as well! >> >>In my web.xml I have: >> >> <security-constraint> >> <web-resource-collection> >> <web-resource-name>All DO</web-resource-name> >> <url-pattern>*.do</url-pattern> >> <http-method>GET</http-method> >> <http-method>POST</http-method> >> </web-resource-collection> >> <auth-constraint> >> <role-name>*</role-name> >> </auth-constraint> >> </security-constraint> >> >>And then I use struts to set the security roles for each action. >>Although my logout action doesn't have any security roles, the above >>config in the web.xml requires a user to be authenticated before >>executing an action. >> >>What can I do to unprotect my logout action? >> >> >> >>-- >>To unsubscribe, e-mail: >><mailto:struts-user->[EMAIL PROTECTED]> >>For >>additional commands, >>e-mail: <mailto:[EMAIL PROTECTED]> >> >> > > >-- >To unsubscribe, e-mail: ><mailto:struts-user->[EMAIL PROTECTED]> >For >additional commands, >e-mail: <mailto:[EMAIL PROTECTED]> > > >-- >To unsubscribe, e-mail: ><mailto:struts-user->[EMAIL PROTECTED]> >For >additional commands, >e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
