Just as a reference, there is a ticket open for this: https://issues.apache.org/struts/browse/WW-2642
musachy On Mon, Mar 16, 2009 at 5:37 PM, Struts Two <struts...@yahoo.ca> wrote: > > There is a problem running Struts 2.1.6 on Websphere when security is > enabled. The case happens when url is an action not a resource like jsp or > html. Refer to JIRA WW-2642 that I opened almost a year ago. > > I was hoping that Apache group can get their hands on Websphere to verify the > issue but it seems like a distant probability as I have not heard any news on > that for sometime. > > But on the bright site, there may be some good news on this soon. As I had to > locate WAS L3 support in person and I am working with them on this issue > [though the pace is slow]. > > Also keep in mind, the same issue exists on WAS 7.0.0.1 with a slight > variation. If this is determined to be a Websphere problem with WAS 6.1. Then > I have a stronger case to press issue for WAS 7.0. > > --- On Mon, 3/16/09, pblatner <pblat...@gmail.com> wrote: > >> From: pblatner <pblat...@gmail.com> >> Subject: Re: Struts 2 Container Security problem >> To: user@struts.apache.org >> Received: Monday, March 16, 2009, 9:05 PM >> >> I have tried to do the exact thing that Jeromy suggests >> below with 2 >> packages. And then in the web.xml specify a security >> constraint with the >> URL pattern "/protected/*". After doing so, I am not >> getting the result >> that I think I should be. >> >> When issuing a request for my action at >> "http://localhost/MyApp/protected/HomeAction";, the >> container is not >> intercepting and challenging me with my logon.html page. >> >> Anyone know why this isn't working? >> >> The struts 2 servlet-filter pattern is "/*".. It seems >> pretty obvious that >> the struts 2 servlet filter is responding to the first part >> of the URL: >> "http://localhost/MyApp/*"; and the container isn't >> seeing that as a secured >> resource. >> >> Am I missing a configuration pattern somewhere that tells >> the container to >> inspect the full URL before allowing the servlet filter to >> process it? >> >> My deployment environment is WebSphere 6.1. Are there >> any incompatibilities >> between WebSphere 6.1 and struts 2 that could be causing >> this? >> >> Thanks, >> Pete. >> >> >> Jeromy Evans - Blue Sky Minds wrote: >> > >> > In struts.xml, the namespace given to your package >> needs be in >> > /protected as well. >> > eg. <package name="myPackage" >> namespace="/protected"> >> > Otherwise, as you've seen, it's available in the root >> of the >> > application's context path. >> > >> > I usually split my struts2 application into at least >> two packages: >> > <package name="public" namespace="/"> ... >> > <package name="secure" namespace="/protected"> >> > >> >> -- >> View this message in context: >> http://www.nabble.com/Struts-2-Container-Security-problem-tp15571409p22547426.html >> Sent from the Struts - User mailing list archive at >> Nabble.com. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> >> > > > __________________________________________________________________ > Instant Messaging, free SMS, sharing photos and more... Try the new Yahoo! > Canada Messenger at http://ca.beta.messenger.yahoo.com/ > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > -- "Hey you! Would you help me to carry the stone?" Pink Floyd --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
