Hi David

I did do that ...

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>father</web-resource-name>
            <description>Security</description>
            <url-pattern>/father/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>

        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>

        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>

    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/auth.do</form-login-page>
            <form-error-page>/admin/error.jsp</form-error-page>
        </form-login-config>
    </login-config>

    <security-role>
        <role-name>admin</role-name>
    </security-role>

and my authentication is diverted to an action class which carries out the actual checking.

Here is auth.jsp that calls the AuthAction:

    <html:form action="authAction">
    <TABLE width="100%" border="0" cellspacing="0" cellpadding="5">
        <TR align="center">
            <TD align="right" class="Prompt"></TD>
            <TD align="left">
                <html:text property="j_username" maxlength="20"></html:text>
            </TD>
        </TR>
        <TR align="center">
            <TD align="right" class="Prompt">Username</TD>
            <TD align="left">
                <html:text property="j_password" maxlength="20"></html:text><BR>
            </TD>
        </TR>
        <TR align="center">
            <TD align="right" class="Prompt">Password</TD>
            <TD align="left">
                <html:submit value="Login"></html:submit>
            </TD>
        </TR>
    </TABLE>
    </html:form>

The action class is here:

    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception {

        String username = ((DynaActionForm)form).getString("j_username");
        String password = ((DynaActionForm)form).getString("j_password");
        System.out.println("Authentication execute called");
        try {

            SecurityAssociationHandler handler = new SecurityAssociationHandler();
            SimplePrincipal user = new SimplePrincipal(username);
            handler.setSecurityInfo(user, password.toCharArray());
            LoginContext loginContext = new LoginContext("example",
                    (CallbackHandler) handler);
            loginContext.login();
            Subject subject = loginContext.getSubject();
            System.out.println("Subject--> " + subject.toString());
            Set<Principal> principals = subject.getPrincipals();
            principals.add(user);

            request.getSession(false).setAttribute("login",subject);
        } catch (LoginException e) {
            // TODO: handle exception
            System.out.println("LoginException");
            return mapping.findForward("error");
        }
        return mapping.findForward("father");
    }

and it works fine. Each time a request comes to url /father/* the auth.jsp is called, even if I was authorised the first time. Meaning I have to authenticate myself every time I access anything in /father/ .

How do I get over this behaviour and authenticate myself only once...

Thanks for any help

On 3/14/06, David Delbecq <[EMAIL PROTECTED]> wrote:
>
> Do it like you would for any servlet. Either apply a security constraint
> to struts servlet itself or apply security constraints to url path
> (applying a security constraint to /admin/* applies also to
> /admin/someStrutsAction.do)
>
> Jubin Kuriakose wrote:
>
> >Hi all
> >Can anyone give me links related to implementing security-constraints (from
> >web.xml) and struts together. I googled without any success.
> >
> >thanks jubs
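
Added example, not part of the original message or the thread: with FORM authentication the servlet container records a login for the session only when the login form posts j_username and j_password to j_security_check, so the wiring below lets the container remember the user across requests to /father/*. The file name /login.jsp is hypothetical, and the example assumes the container's realm is already bound to the JAAS configuration the message calls "example".

```xml
<!-- WEB-INF/web.xml (fragment) -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>father</web-resource-name>
    <url-pattern>/father/*</url-pattern>
    <!-- No <http-method> elements: the constraint then covers every method.
         Listing only GET and POST leaves the other methods unconstrained. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- CONFIDENTIAL makes the container require HTTPS for /father/*;
         NONE allows plain HTTP. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <!-- A plain page outside /father/*, not a Struts action (hypothetical name) -->
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/admin/error.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>admin</role-name>
</security-role>

<!-- /login.jsp (hypothetical): the post goes to the container, which runs the
     realm's login module and marks the session as authenticated. -->
<form method="POST" action="j_security_check">
  <label>Username <input type="text" name="j_username" maxlength="20"/></label>
  <label>Password <input type="password" name="j_password" maxlength="20"/></label>
  <input type="submit" value="Login"/>
</form>
```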