I installed the latest fix pack for WebSphere, bringing my version up to 6.1.0.21 and it did the trick. The Web container authentication now works as I expected it to.
Thanks for the feedback. Pete. pblatner wrote: > > I don't see how this fix applies to the problem I mentioned below: > http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg1PK31377 > > The text there doesn't say anything about resolving an issue where > WebSphere doesn't seem to be recognizing servlet filters as resources to > secure using web container authentication. > > > Musachy Barroso wrote: >> >> Just as a reference, there is a ticket open for this: >> >> https://issues.apache.org/struts/browse/WW-2642 >> >> musachy >> >> On Mon, Mar 16, 2009 at 5:37 PM, Struts Two <struts...@yahoo.ca> wrote: >>> >>> There is a problem running Struts 2.1.6 on Websphere when security is >>> enabled. The case happens when url is an action not a resource like jsp >>> or html. Refer to JIRA WW-2642 that I opened almost a year ago. >>> >>> I was hoping that Apache group can get their hands on Websphere to >>> verify the issue but it seems like a distant probability as I have not >>> heard any news on that for sometime. >>> >>> But on the bright site, there may be some good news on this soon. As I >>> had to locate WAS L3 support in person and I am working with them on >>> this issue [though the pace is slow]. >>> >>> Also keep in mind, the same issue exists on WAS 7.0.0.1 with a slight >>> variation. If this is determined to be a Websphere problem with WAS 6.1. >>> Then I have a stronger case to press issue for WAS 7.0. >>> >>> --- On Mon, 3/16/09, pblatner <pblat...@gmail.com> wrote: >>> >>>> From: pblatner <pblat...@gmail.com> >>>> Subject: Re: Struts 2 Container Security problem >>>> To: user@struts.apache.org >>>> Received: Monday, March 16, 2009, 9:05 PM >>>> >>>> I have tried to do the exact thing that Jeromy suggests >>>> below with 2 >>>> packages. And then in the web.xml specify a security >>>> constraint with the >>>> URL pattern "/protected/*". After doing so, I am not >>>> getting the result >>>> that I think I should be. >>>> >>>> When issuing a request for my action at >>>> "http://localhost/MyApp/protected/HomeAction";, the >>>> container is not >>>> intercepting and challenging me with my logon.html page. >>>> >>>> Anyone know why this isn't working? >>>> >>>> The struts 2 servlet-filter pattern is "/*".. It seems >>>> pretty obvious that >>>> the struts 2 servlet filter is responding to the first part >>>> of the URL: >>>> "http://localhost/MyApp/*"; and the container isn't >>>> seeing that as a secured >>>> resource. >>>> >>>> Am I missing a configuration pattern somewhere that tells >>>> the container to >>>> inspect the full URL before allowing the servlet filter to >>>> process it? >>>> >>>> My deployment environment is WebSphere 6.1. Are there >>>> any incompatibilities >>>> between WebSphere 6.1 and struts 2 that could be causing >>>> this? >>>> >>>> Thanks, >>>> Pete. >>>> >>>> >>>> Jeromy Evans - Blue Sky Minds wrote: >>>> > >>>> > In struts.xml, the namespace given to your package >>>> needs be in >>>> > /protected as well. >>>> > eg. <package name="myPackage" >>>> namespace="/protected"> >>>> > Otherwise, as you've seen, it's available in the root >>>> of the >>>> > application's context path. >>>> > >>>> > I usually split my struts2 application into at least >>>> two packages: >>>> > <package name="public" namespace="/"> ... >>>> > <package name="secure" namespace="/protected"> >>>> > >>>> >>>> -- >>>> View this message in context: >>>> http://www.nabble.com/Struts-2-Container-Security-problem-tp15571409p22547426.html >>>> Sent from the Struts - User mailing list archive at >>>> Nabble.com. >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >>>> For additional commands, e-mail: user-h...@struts.apache.org >>>> >>>> >>> >>> >>> __________________________________________________________________ >>> Instant Messaging, free SMS, sharing photos and more... Try the new >>> Yahoo! Canada Messenger at http://ca.beta.messenger.yahoo.com/ >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >>> For additional commands, e-mail: user-h...@struts.apache.org >>> >>> >> >> >> >> -- >> "Hey you! Would you help me to carry the stone?" Pink Floyd >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> >> >> > > -- View this message in context: http://www.nabble.com/Struts-2-Container-Security-problem-tp15571409p22568026.html Sent from the Struts - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
