Below is my config.
Also, I am getting Hello, <bean:write name="req" property="remoteUser" />
to show up in my JSPs which means the call to the SecurityFilter
authenticate()is working in my JSPs why wouldn't the isUserInRole() ??
web.xml
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
security-filter.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Authorized-only</web-resource-name>
<url-pattern>*.do</url-pattern>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
I have already taken this over to the SecurityFilter forum. I'm not
convinced yet if it is Security Filter or something so if you know from the
new info about my config then let me know.
What I am tring to do is list no roles in the config files and just on the
fly use Struts <logic:present role="Admin">...</logic:present> and Struts
Action roles (attribute) while SecurityFilter does the call to get the
user's roles on the fly to do all my security. Bare minimum in text files!
I am close. Like I said actions work but JSPs don't.
Thanks.
-----Original Message-----
From: Alex Shneyderman [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 3:21 PM
To: 'Struts Users Mailing List'
Subject: RE: [OT] isUserInRole problem
It is not clear form your email if your JSPs under SecurityFilter's
mapping?
So if you have mapping like this
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/do/*</url-pattern>
</filter-mapping>
and access your jsp like this:
/index.jsp
It is correct behavior then.
Alex.
> -----Original Message-----
> From: Bailey, Shane C. [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 24, 2003 3:01 PM
> To: [EMAIL PROTECTED]
> Subject: [OT] isUserInRole problem
>
>
>
> The strangest thing is happening. To set it up: I am using JRun4 and
> SecurityFilter
>
> If any type of code (e.g. <logic:present role="Admin"> ,
<req:isUserInRole
> role="Admin"> etc.) tries to do a call which eventually goes
>
> to the SecurityFilter method isUserInRole(principle,role) from within
a
> JSP
> then I it always returns false and my logging statements in
>
> my SecurityFilter method aren't called (i.e. it doesn't go in there I
> guess).
>
>
>
> But if I do a request.isUserInRole("Admin") from within an Action then
it
> returns the correct result.
>
>
>
> Has anyone seen this before?
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
