----- Original Message ----- From: "struts Dude" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Sunday, August 29, 2004 5:36 PM Subject: SecurityFilter Question?
> Hi > > Can someone give me a few pointers on using SecurityFilter > with Struts? This can save me potentially hrs of debugging. > > My securityfilter-config.xml is: > > <?xml version="1.0" encoding="ISO-8859-1"?> > > <!DOCTYPE securityfilter-config PUBLIC > "-//SecurityFilter.org//DTD Security Filter Configuration 1.1//EN" > "http://www.securityfilter.org/dtd/securityfilter-config_1_1.dtd";> > > <securityfilter-config> > > <security-constraint> > <web-resource-collection> > <web-resource-name>Admin Page</web-resource-name> > <url-pattern>/admin/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>admin</role-name> > </auth-constraint> > </security-constraint> > > <security-constraint> > <web-resource-collection> > <web-resource-name>User Page</web-resource-name> > <url-pattern>/user/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>user</role-name> > </auth-constraint> > </security-constraint> > > <login-config> > <auth-method>FORM</auth-method> > <form-login-config> > <form-login-page>/WEB-INF/pages/Login.jsp</form-login-page> > <form-error-page>/WEB-INF/pages/error.jsp</form-error-page> > <form-default-page>/index.jsp</form-default-page> > </form-login-config> > </login-config> > > <realm className="app.IbatisSecurityRealm"> > <realm-param name="exampleProperty" value="it works!" /> > </realm> > > </securityfilter-config> > > Now my struts-config.xml has something like > > <action path="/LogAction" > type="app.LogAction" > name="logonForm" > scope="request" > input="/WEB-INF/pages/Logon.jsp" > parameter="action" > validate="false"> > <forward > name="success" > path="/WEB-INF/pages/Welcome.jsp"/> > </action> > > > And the path of every action in struts-config.xml will be > prefixed with either /admin/ or /user/ except for > those actions that forwards to Home page, login and > free info JSP page. > > Now Login.jsp has a submit button that will invoke LogAction, > which will put a User bean in Session once user is validated. > Just found out I have to use action="j_security_check" in <form ...> tag. So how do I make sure user bean is added to Session within LogAction once authentication by SecurityFilter is success??? I would like to invoke SecurityFilter authentication before user hits a restricted page and is redirected to login page , i.e. say have login form in front page or every non-restricted page. > > Thanks > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
