Hi !
Tks for your answer. Now I understood what's happing (I hope so) ...
I have a "multipart/form-data" and it has in its action a forward to
a common text form, like:
<forward name="List" redirect="true" path="/list.do"/>
I believe when it reaches the redirect="true", Struts clear the
request attributes and lost my user. So I have the authentication
& authorization problem that you advised me. Am I right ?
I really need to have the parameter "redirect" because without
it I have the MulpartIterator error.
How could I workaround this situation ? Is possible to matain the
user after the redirect ?
And what about setting the roles for my actions ? I could simply
do :
<action path="/upload"
type="com.ecommerce.album.PhotoUploadAction"
name="uploadForm"
scope="request"
validate="true"
role="user" <<<<<<<<<<<< Here ?
input="/album/upload.jsp">
Thanks in advance and regards ...
Michel.
-----Mensagem original-----
De: Adam Hardy [mailto:[EMAIL PROTECTED]
Enviada em: sexta-feira, 10 de outubro de 2003 11:43
Para: Struts Users Mailing List
Assunto: Re: Struts and Tomcat JDBC Realms
On 10/10/2003 01:46 PM Michel Bertrand wrote:
> Hi all !
>
> I was woundering about using Struts in Tomcat with JDBC Realms.
>
> I found lots of topics about Strunts and Realms but using policy files
> and I did not find any question or topic involving struts and JDBC Reals.
>
> Does struts support the use of JDBC Realms in Tomcat ? I don't intent
> to use it to proctect my Actions, but to protect my "jsp" pages under
> some specific app directories.
>
> I tried to implement this running Tomcat in Security Mode but I have
> some SecurityExceptions in some actions. Is it common ? Could I
> solve it setting priviledges to struts.jar in my catalina.policy ?
>
> And so, does anybody implemented Struts + JDBC Realms + Tomcat ?
Yes, many people do! Using a tomcat realm for authentication with
standard security-constraints is not normally problematic.
Setting up struts to make use of realm authorization (for roles) is
child's play (as long as your database contains the roles & links to the
users). Just put the "role" attribute in the action mapping in the config.
Where & when are you getting these exceptions? Also, policy files don't
need to come into it at all. Doing anything with priviliges to
struts.jar is something I've never heard of. I think you are coming to
the subject with a mindset for a different type of authentication &
authorization system - what you require from tomcat & struts is not too
complex.
Adam
--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
