Eric,

You want to secure actions based on the URI. Perhaps you want all paths
starting with /secure to be under HTTPS. Under that scenario, you would
install a servlet filter which would check for this path and force
authentication.

Check out www.acegisecurity.org for a great security library.

Paul

On 10/5/07, Givler, Eric <[EMAIL PROTECTED]> wrote:
>
> If I create multiple struts configurations, do my actions end up having
> the prefix in the path, so that they could be secured?
> ie.
>
>        <action path="/secure/Main_Menu"
>                name="Dummy_Form"
>                input="/Main_Menu.jsp"
>                parameter="default=setup"
>                type="view.struts.actions.secure.Main_Menu_Action"
>                validate="false">
>            <forward name="success" path="/secure/Main_Menu.jsp" />
>        </action>
>
> OR, is it that the path is part of the directory where the file is stored
> (the input attribute of the action or the forward), and the action's path
> simply contains a name?
>
> ie.
>
>        <action path="/Main_Menu"
>                name="Dummy_Form"
>                input="/Main_Menu.jsp"
>                parameter="default=setup"
>                type="view.struts.actions.secure.Main_Menu_Action"
>                validate="false">
>            <forward name="success" path="/secure/Main_Menu.jsp" />
>        </action>
>
> If I create the second action in struts-config-secure.xml, will other
> actions need a /secure/ prefix in the path like the forward below this?
>
>
> That's kind of why I asked the original question - I wasn't sure how to
> proceed with it, and it seems like Struts modules is the solution.  However,
> after spending some time with the modules, I ran into issues with it being
> able to see images, css files, pages from the global-exceptions entry if
> within a subsystem, links on certain pages if they are specific to a module
> and not defined there, links to html files in the root context.  I also read
> through numerous threads on people trying to store entries in WEB-INF and
> having issues with modules.  What it all boils down to is what I'm asking
> here:
>
> How do I have three sets of code and set this up with a multiple config
> file with some parts secure, some not, and a section reusable by both:
>
> 1. ExternalBusinessPartners (needs to be secured)
> 2. ExternalAnonymous (no security required)
> 3. Common
>
> I'd really appreciate any additional help anyone can provide.
>
> Thanks again,
>
> Eric
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Behalf Of Paul Benedict
> Sent: Sunday, September 30, 2007 8:39 PM
> To: Struts Users Mailing List
> Subject: Re: [s1.35] Need help with Struts and Modules
>
>
> Get rid of modules. They aren't worth the hassle. You can easily split up
> your struts config without using modules.
>
> On 9/28/07, Givler, Eric <[EMAIL PROTECTED]> wrote:
> >
> > Can anyone assist with this?
> >
> > -----Original Message-----
> > From: Givler, Eric [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, September 22, 2007 1:25 AM
> > To: user@struts.apache.org
> > Subject: [s1.35] Need help with Struts and Modules
> >
> >
> > Hello,
> >
> > Let me just say that I'm struggling at times writing my first production
> > Struts application.  The issue that I'm trying to wrestle with now is that
> > part of the application requires security, and part of it should allow
> > general access to the public.  This sounds like a case for modules (I
> > think).  So, I separated the code into a main folder, and then two other
> > folders (the secure, and another subsystem which is not secure).
> >
> > If I need to have the unprotected system and the protected system SHARE
> > some code as well, I'm assuming I have to keep that in the default module,
> > since otherwise, a security constraint would pop up when the unauthenticated
> > user tried to hit those pages.  If I'm in the authenticated module and I
> > want to start a process that's defined in my default module, how would I do
> > that?
> >
> > That is, would it be as simple as adding a link to my JSP in my auth'd app
> > pointing back to the unauth'd:
> > <html:link module="" path="/StartApp.do" >Start an application
> > process</html:link>
> >
> > Now, I have two users running app entry (one auth'd and one not).  If they
> > start an application and cancel it, they should return to their prospective
> > "subsystem".  What am I setting up in my struts-config.xml file(s) to
> > handle this, and then in my action class?  Can you be specific on this (with
> > an example of code)?
> >
> > I really appreciate any help on this one - Thanks much,
> >
> > Eric
> >
>
>
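
The filter approach suggested at the top of this thread, sketched as an added example (not code from any poster or from Struts). The class name, the `httpsHost` init-param, the `authUser` session attribute and the `/Login.do` path are assumptions; the filter is assumed to be mapped to `/*` in web.xml.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: requires HTTPS and a logged-in session for paths under /secure. */
public class SecurePathFilter implements Filter {
    private static final String PREFIX = "/secure";       // prefix used in the thread
    private static final String USER_ATTR = "authUser";   // assumed: set by the login action
    private static final String LOGIN_PATH = "/Login.do"; // assumed login action
    private String httpsHost;                             // assumed init-param, e.g. www.example.org

    public void init(FilterConfig cfg) throws ServletException {
        httpsHost = cfg.getInitParameter("httpsHost");
        if (httpsHost == null) throw new ServletException("httpsHost init-param is required");
    }

    public void destroy() { }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Container-decoded path, without the context path or the query string.
        String info = req.getPathInfo();
        String path = req.getServletPath() + (info == null ? "" : info);
        if (!isProtected(path)) { chain.doFilter(rq, rs); return; }

        if (!req.isSecure()) {
            // Redirect to the configured host rather than echoing the client's Host header.
            String q = req.getQueryString();
            res.sendRedirect("https://" + httpsHost + req.getRequestURI() + (q == null ? "" : "?" + q));
            return;
        }
        HttpSession session = req.getSession(false);      // never create a session here
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            res.sendRedirect(req.getContextPath() + LOGIN_PATH);
            return;
        }
        res.setHeader("Cache-Control", "no-store");       // keep protected pages out of caches
        chain.doFilter(rq, rs);
    }

    /** Matches /secure and /secure/..., but not /secureStuff or /public/secure. */
    static boolean isProtected(String path) {
        return path.equals(PREFIX) || path.startsWith(PREFIX + "/");
    }
}
```

By default a filter mapping (like a web.xml security-constraint) applies only to the client's original request, not to RequestDispatcher forwards. In the second configuration quoted above, a request to `/Main_Menu.do` that forwards to `/secure/Main_Menu.jsp` would therefore pass this check unprotected, so the prefix has to be on the action path itself.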
