Yes, I think waiting for the original poster to clarify might be the most practical course.
(A pity, as I had come up with a very sound reason for unprotectecting logout that involved the RAND corporation, the CIA, a global conspiracy involving Elvis & Beer. (Well mostly just beer actually ;->.)) -----Original Message----- From: Cliff Rowley [mailto:[EMAIL PROTECTED]] Sent: Monday, September 23, 2002 19:14 To: 'Struts Users Mailing List' Subject: RE: How can I make my logout page not secure? I was just curious as to why someone would want the logout process unprotected that was all - I didn't mean anything by it. Perhaps we should stop speculating and wait for the original poster to pipe up :) >-----Original Message----- >From: Cliff Rowley [mailto:[EMAIL PROTECTED]] >Sent: 23 September 2002 12:08 >To: 'Struts Users Mailing List' >Subject: RE: How can I make my logout page not secure? > > >Then surely it'd work properly? If the user is logged in, the >logout wont be protected and it can log them out along the way >.. If they're not logged in, they'll get thrown a login screen >.. Right? > >>-----Original Message----- >>From: Andrew Hill [mailto:[EMAIL PROTECTED]] >>Sent: 23 September 2002 12:01 >>To: Struts Users Mailing List >>Subject: RE: How can I make my logout page not secure? >> >> >>Perhaps his login & logout are the same action both forwarding >>to the login screen, and if already logged in, logging out >>along the way? >> >>-----Original Message----- >>From: Cliff Rowley [mailto:[EMAIL PROTECTED]] >>Sent: Monday, September 23, 2002 18:54 >>To: 'Struts Users Mailing List' >>Subject: RE: How can I make my logout page not secure? >> >> >>Out of pure interest, why do you want logout unprotected? >>People who are logged out wont need to log out, will they? >> >>>-----Original Message----- >>>From: Michael [mailto:[EMAIL PROTECTED]] >>>Sent: 23 September 2002 09:40 >>>To: [EMAIL PROTECTED] >>>Subject: How can I make my logout page not secure? >>> >>> >>>I'm using J2EE container managed security (in Tomcat). I set >>up a rule >>>to protect all *.do actions. The problem is my logout.do is >>protected >>>as well! >>> >>>In my web.xml I have: >>> >>> <security-constraint> >>> <web-resource-collection> >>> <web-resource-name>All DO</web-resource-name> >>> <url-pattern>*.do</url-pattern> >>> <http-method>GET</http-method> >>> <http-method>POST</http-method> >>> </web-resource-collection> >>> <auth-constraint> >>> <role-name>*</role-name> >>> </auth-constraint> >>> </security-constraint> >>> >>>And then I use struts to set the security roles for each action. >>>Although my logout action doesn't have any security roles, the above >>>config in the web.xml requires a user to be authenticated before >>>executing an action. >>> >>>What can I do to unprotect my logout action? >>> >>> >>> >>>-- >>>To unsubscribe, e-mail: >>><mailto:struts-user->[EMAIL PROTECTED]> >>>For >>>additional commands, >>>e-mail: <mailto:[EMAIL PROTECTED]> >>> >>> >> >> >>-- >>To unsubscribe, e-mail: >><mailto:struts-user->[EMAIL PROTECTED]> >>For >>additional commands, >>e-mail: <mailto:[EMAIL PROTECTED]> >> >> >>-- >>To unsubscribe, e-mail: >><mailto:struts-user->[EMAIL PROTECTED]> >>For >>additional commands, >>e-mail: <mailto:[EMAIL PROTECTED]> >> >> > > >-- >To unsubscribe, e-mail: ><mailto:struts-user->[EMAIL PROTECTED]> >For >additional commands, >e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
