I use the Tomcat. I configured the Tomcat JDBCRealm
so that I can use programmic security testing, such as
isUserInRole(), in my program.
Because Tomcat JDBCRealm is form based, I inserted the
<login-config> and its sub-elements in my web.xml file
(see below). As we know, the <form-login-page> and
<form-error-page> are required.
My question is that the container-managed
authentication does not seem to be consistent with
what we usually do in struts; e.g. we state the
logical name and path for each .jsp page in the
struts-config.xml file.
What is the Struts convention in dealing with user
authentication? Should we specify the paths for the
logon page and error page in the struts.config.xml or
we should use the <form-login-page> and
<form-error-page> in the web.xml file?
======================================================
<security-constraint>
<web-resource-collection>
<web-resource-name>SalesInfo</web-resource-name>
<url-pattern>/SalesInfo/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/authentication/login.html</form-login-page>
<form-error-page>/authentication/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>manager</role-name>
</security-role>
__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
