Hi ,
I am newbie to Struts2. I have the following issue while configuring the
container managed security in Struts2 with Websphere Application Server 6.1.
..Need urgent assistance Please...
Issue:
--------
I want to secure my web application using Container managed security by
using Websphere Application Server6.1. Secured all the URLs by placing a
security constraint and map the relevant users/groups in my web.xml.But the
security credentials are not propagated to the LoginAction class.when i
print the request.getRemoteUser() it gives null.Where as the same works 100%
fine in TOMCAT server.
Entries in web.xml
------------------
<filter>
<filter-name>struts</filter-name>
<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter-mapping>
<filter-name>struts</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<security-constraint>
<display-name>
secconst12</display-name>
<web-resource-collection>
<web-resource-name>secweb1234</web-resource-name>
<url-pattern>*.action</url-pattern>
<url-pattern>/*</url-pattern>
<url-pattern>*</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>TRACE</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
<http-method>OPTIONS</http-method>
</web-resource-collection>
<auth-constraint>
<description>
secAuthConst12</description>
<role-name>secrole12</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>DirRealm</realm-name>
</login-config>
<security-role>
<role-name>secrole12</role-name>
</security-role>
Entries in struts.xml
---------------------
<struts>
<!-- Include webwork default (from the Struts JAR). -->
<include file="struts-default.xml"/>
<package name="default" extends="struts-default">
<action name="login" class="com.xxx.xxx.action.LoginAction" >
<result name="load" >success.jsp</result>
</action>
</package>
</struts>
LoginAction.java
----------------
public class LoginAction
{
...........
...........
...........
public String execute()
{
HttpServletRequest request = ServletActionContext.getRequest();
System.out.println("req.getRemoteUser() : " +
request.getRemoteUser()); //
Prints null
System.out.println("username : " +
request.getParameter("userName"));
return "load";
}
}
Below are the approaches what i've tried so far:
-----------------------------------------------
Approach 1:
Converted the Same application to Struts1.2 and deployed it in Websphere
Application Server 6.1
Output:
It works fine.Can able to get the remoteUser using request.getRemoteUser()
Approach 2:
Deployed the same struts2 application in ApacheTomcat 6.0.14
Output:
It works fine.Can able to get the remoteUser using request.getRemoteUser()
Approach 3:
Deployed the same struts2 application in Websphere Application Server 6.1
Output:
Not able to get the remoteUser in LoginAction.It prints null.
Am i missing anything fundamentally.Please let us know what would be
required to be done to make it work.
--
View this message in context:
http://www.nabble.com/Security-credentials-are-not-propogated-to-Actionclass-in-Struts2-tf4298249.html#a12234106
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
