Hi Dan, I haven't played with using Struts actions for the form-login-page and form-error-page pages very much. No action will be called when the form submits to j_security_check, which is processed by the filter, much like the container does when using container-managed security.
However, you may be able to make use of a Struts ActionForm so that the page will be populated as desired for the form-login-page, and especially for the form-error-page pages. Specficially, if the submit to j_security_check fails, the filter will forward to your form-error-page, so if you have that setup to use an ActionForm with j_username and j_password fields, they should be populated by Struts for use in your Action the JSP it probably forwards to. I know that SecurityFilter isn't documented very well, but I designed it to be as close to a drop-in replacement for container-managed security as possible, so for the most part you can use it just like container-managed security. The main exceptions are that the security constraints go in a different file (securityfilter-config.xml instead of web.xml) and you can specify a default page to support users sending login form submittals without being sent there by the filter (container-managed security does not support this). At runtime, it behaves just like container-managed security from the perspective of your application. What works with container-managed security should work with securityfilter. -Max ----- Original Message ----- From: "Dan Allen" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Sunday, March 09, 2003 2:26 PM Subject: Re: SecurityFilter with Struts Form > > Hi Dan > > > > You dont need to configure struts config on security issue. > > Configure all your page level security check in your > > securityfilter config file. That is the beauty. > > Right, I understand that. My question relates more to the form > itself and the struts taglibs. This is really apart from any > actual security. The question stands, is it possible to use > <html:form> for the login form and not have it throw an error that > it cannot find the associated action when using the attribute > "action" or do we just create a regular old html form. > > Dan > > -- > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > Daniel Allen, <[EMAIL PROTECTED]> > http://www.mojavelinux.com/ > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > Real programmers don't change their wardrobe too often: there > are no clothes stores that are open at two o'clock in the morning. > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
