I have tried to do the exact thing that Jeromy suggests below with 2 packages. And then in the web.xml specify a security constraint with the URL pattern "/protected/*". After doing so, I am not getting the result that I think I should be.
When issuing a request for my action at "http://localhost/MyApp/protected/HomeAction";, the container is not intercepting and challenging me with my logon.html page. Anyone know why this isn't working? The struts 2 servlet-filter pattern is "/*". It seems pretty obvious that the struts 2 servlet filter is responding to the first part of the URL: "http://localhost/MyApp/*"; and the container isn't seeing that as a secured resource. Am I missing a configuration pattern somewhere that tells the container to inspect the full URL before allowing the servlet filter to process it? My deployment environment is WebSphere 6.1. Are there any incompatibilities between WebSphere 6.1 and struts 2 that could be causing this? Thanks, Pete. Jeromy Evans - Blue Sky Minds wrote: > > In struts.xml, the namespace given to your package needs be in > /protected as well. > eg. <package name="myPackage" namespace="/protected"> > Otherwise, as you've seen, it's available in the root of the > application's context path. > > I usually split my struts2 application into at least two packages: > <package name="public" namespace="/"> ... > <package name="secure" namespace="/protected"> > -- View this message in context: http://www.nabble.com/Struts-2-Container-Security-problem-tp15571409p22547426.html Sent from the Struts - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
