Hi!
I have a problem with my login.pages. They are supposed to only be reachable
through ssl. But it seems like struts is ignoring the config in web.xml
about having the pages secure
(<transport-guarantee>CONFIDENTIAL</transport-guarantee>). (The full
security-constraint is posted in the end)
Right now I'm using the tomcat built in security that filters out the not
authenticated users and redirect them to the login-page. Is it possible to
solve this in struts or do I have to find other ways, eg put the whole
application as CONFIDENTIAL?
Thanks in advance
Roland Carlsson
-----security constraint from web.xml-----------
<security-constraint>
<display-name>AQMFiles 02</display-name>
<web-resource-collection>
<url-pattern>/login.jsp</url-pattern>
<url-pattern>/error.jsp</url-pattern>
<url-pattern>j_security_check</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<display-name>AQMFiles 01</display-name>
<web-resource-collection>
<url-pattern>/pages/*</url-pattern>
<url-pattern>/env/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
