On 10/10/2003 07:45 PM Michel Bertrand wrote:
Thanks for your answer. Now I understand what's happening (I hope so) ...

I have a "multipart/form-data" and it has in its action a forward to
a common text form, like:

<forward name="List" redirect="true" path="/list.do"/>

I believe when it reaches the redirect="true", Struts clears the
request attributes and loses my user. So I have the authentication &
authorization problem that you advised me of. Am I right? I really need
to have the parameter "redirect" because without it I have the
MultipartIterator error.


How could I work around this situation? Is it possible to maintain the
user after the redirect?

And what about setting the roles for my actions? I could simply
do:

    <action  path="/upload"
             type="com.ecommerce.album.PhotoUploadAction"
             name="uploadForm"
             scope="request"
             validate="true"
             role="user" <<<<<<<<<<<< Here ?
             input="/album/upload.jsp">

Thanks in advance and regards ...
Michel.

I am still not sure what security mechanism you are using, but if you are working with Tomcat's (or whichever server's) container-managed security, a user login will set up a session for the user with an ID, the user name and the user roles. These are accessible via the request or session object.


They won't be lost if you do a redirect.

The action mapping's role attribute will only work like your example above if you are using this. If you have a manually coded login module for security, it won't work.

So your user object which you lose during a redirect is actually not something you can use for the Struts authorization, only for your own purposes.

You should set up your user object by getting the login name from the request as I mentioned above, and you should store it in the session, so it won't be lost between requests.

Good luck,
Adam
--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9
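
The approach described in the reply above, as an added example that is not part of the original thread: the login name comes from the container (`getRemoteUser()`), and the application's own user object is kept in the session so it survives a `redirect="true"` forward. It assumes container-managed security is configured for the application; the class name `SessionUserUploadAction`, the `UserProfile` class and the `currentUser` session key are hypothetical.

```java
import java.io.Serializable;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

// Hypothetical Struts 1.1 action; not the poster's PhotoUploadAction.
public class SessionUserUploadAction extends Action {

    // Hypothetical session key for the application's own user object.
    static final String USER_KEY = "currentUser";

    // Hypothetical application user object; Serializable so the session can persist it.
    public static class UserProfile implements Serializable {
        private final String login;
        public UserProfile(String login) { this.login = login; }
        public String getLogin() { return login; }
    }

    // Returns the session-scoped user, built from the container's authenticated
    // login name rather than from request attributes or client-supplied parameters.
    static UserProfile currentUser(HttpServletRequest request) {
        String login = request.getRemoteUser(); // null if the container has not authenticated the caller
        if (login == null) return null;
        HttpSession session = request.getSession();
        UserProfile user = (UserProfile) session.getAttribute(USER_KEY);
        // Rebuild if missing, or if the cached object belongs to a different login.
        if (user == null || !login.equals(user.getLogin())) {
            user = new UserProfile(login);
            session.setAttribute(USER_KEY, user);
        }
        return user;
    }

    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception {
        UserProfile user = currentUser(request);
        // Same check the mapping's role="user" attribute relies on, made explicit.
        if (user == null || !request.isUserInRole("user")) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return null; // response already committed; Struts does no forward
        }
        // ... process the upload on behalf of user.getLogin() ...
        return mapping.findForward("List"); // the redirect forward from the question
    }
}
```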

