Sorry, that's what I meant. It's a forward. Not a redirect. How do I apply my security to /pages/* in this case?
Shawn -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig McClanahan Sent: Friday, February 10, 2006 1:35 PM To: Struts Users Mailing List Subject: Re: security struts action servlet On 2/10/06, Garner, Shawn <[EMAIL PROTECTED]> wrote: > > I was messing around with security in the web.xml and tried to implement > authorization restrictions with the struts-blank.war. > > I put restrictions on the /pages/* directory. > > Funny thing is that it seems that since the index.jsp does a redirect to > the > pages directory and the action servlet does the mapping from welcome.do to > /pages/Welcome.jsp that I am not prompted for a username and password. Are you sure it's doing a redirect? If this were a forward, the symptom you described would be the expected behavior, since security constraints are only applied on the original request. Craig But if I literally type in /pages/Welcome.jsp into the browser it prompts me > for a password. > > I read the servlet api but I couldn't find much to do with servlet > security. > > > > I wasn't sure how to get my action servlet to obey the /pages/* security > rule too. > > > > Any help? > > > > Shawn > > > > **************************************************************************** > This email may contain confidential material. > If you were not an intended recipient, > Please notify the sender and delete all copies. > We may monitor email to and from our network. > > **************************************************************************** > > **************************************************************************** This email may contain confidential material. If you were not an intended recipient, Please notify the sender and delete all copies. We may monitor email to and from our network. **************************************************************************** --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
