Tks for all ... I found the problem and it was in my code ... Regards, Michel.
-----Mensagem original----- De: Adam Hardy [mailto:[EMAIL PROTECTED] Enviada em: s�bado, 11 de outubro de 2003 08:44 Para: Struts Users Mailing List Assunto: Re: RES: Struts and Tomcat JDBC Realms On 10/10/2003 07:45 PM Michel Bertrand wrote: > Tks for your answer. Now I understood what's happing (I hope so) ... > > I have a "multipart/form-data" and it has in its action a forward to > a common text form, like: > > <forward name="List" redirect="true" path="/list.do"/> > > I believe when it reaches the redirect="true", Struts clear the > request attributes and lost my user. So I have the authentication > & authorization problem that you advised me. Am I right ? > I really need to have the parameter "redirect" because without > it I have the MulpartIterator error. > > How could I workaround this situation ? Is possible to matain the > user after the redirect ? > > And what about setting the roles for my actions ? I could simply > do : > > <action path="/upload" > type="com.ecommerce.album.PhotoUploadAction" > name="uploadForm" > scope="request" > validate="true" > role="user" <<<<<<<<<<<< Here ? > input="/album/upload.jsp"> > > Thanks in advance and regards ... > Michel. I am still not sure what security mechanism you are using, but if you are working with tomcat's (or whichever server's) container-managed security, a user login will set up a session for the user with an ID, the user name and the user roles. These are accessible via the request or session object. They won't be lost if you do a redirect. The action mapping's role attribute will only work like your example above if you are using this. If you have a manually coded login module for security, it won't work. So your user object which you lose during a redirect is actually not something you can use for the struts authorization, only for your own purposes. You should set up your user object by getting the login name from the request as I mentioned above, and you should store it in the session, so it won't be lost between requests. Good luck, Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
