Ok seems like it is not working well at all.
Me login is logging me in ok. But it seems like neither me web.xml or my
struts actions is looking in me roles.
I have a admin user wdkmaol, that has the admin role. To test things I
made this code in the login action:
**************************************************
Subject testsub = lc.getSubject();
Set testset = testsub.getPrincipals();
Iterator ite = testset.iterator();
while (ite.hasNext()){
System.out.println("CYKLE CYKLE:
"+ite.next().toString());
}
***************************************************
This prints out:
***************************************************
CYKLE CYKLE: wdkmaol
CYKLE CYKLE: Roles(members:admin)
***************************************************
So I should be in the right role.
Then I put this in me web.xml:
***************************************************
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Content</web-resource-name>
<url-pattern>/HelpDesk/bruger/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
***************************************************
But there is no problem going to ****/HelpDesk/bruger/adduser, as the admin.
Last but not least I didt this in some action's to test:
***************************************************
<action path="/DB/home"
type="wilson.helpdesk.actions.menu.ToDbAction"
roles="admin">
<forward name="home"
path=".dbcontrol.welcome"
redirect="false"/>
</action>
***************************************************
When I try to access this it comes back with:
***************************************************
User is not authorized to access action /DB/home
***************************************************
Even thow Im in the admin role.
Im I missing something??
I followed this howto, to get it work:
http://www.javaworld.com/javaforums/showflat.php?Cat=2&Board=JavaSecurity&Number=2500&page=0&view=collapsed&sb=5&o=&fpart=1
Vance Karimi wrote:
I use xdoclet and since Struts 1.1 you can do something like this in your
Action class where you can specify the list of Roles that have access to
this action.
/**
* @struts.action
* name="CustomerCreateForm"
* path="/operator/customers/customer/CustomerAddAction"
* input="/operator/customers/customer/CustomerCreatePage.jsp"
* scope="request"
* validate="true"
* roles = "Admin,Operator"
...
However I have settled for declarative security with JBossSX and define the
context relative URLs to protect with specified roles in my web.xml. But I
presume you are doing this anyway if using JBossSX.
-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] On Behalf Of marc
Sent: Friday, 3 June 2005 10:03 PM
To: user@struts.apache.org
Subject: Re: How do I use JAAS(JbossSX) in Struts?
Yeah looks cool and works with Velocity. I'm working on getting it to
work in me project.
But I still need to have access controls on me different action's.
Vance Karimi wrote:
Have a look at the Struts Menu plugin
http://struts-menu.sourceforge.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
