struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cliff Rowley" <cl...@onsea.net>
Subject RE: How can I make my logout page not secure?
Date Mon, 23 Sep 2002 10:54:13 GMT
Out of pure interest, why do you want logout unprotected?  People who
are logged out wont need to log out, will they?

>-----Original Message-----
>From: Michael [mailto:michael@idtect.com] 
>Sent: 23 September 2002 09:40
>To: struts-user@jakarta.apache.org
>Subject: How can I make my logout page not secure?
>
>
>I'm using J2EE container managed security (in Tomcat).  I set 
>up a rule to protect all *.do actions.  The problem is my 
>logout.do is protected as well! 
>
>In my web.xml I have:
>
>  <security-constraint>
>    <web-resource-collection>
>      <web-resource-name>All DO</web-resource-name>
>      <url-pattern>*.do</url-pattern>
>      <http-method>GET</http-method>
>      <http-method>POST</http-method>
>    </web-resource-collection>
>    <auth-constraint>
>      <role-name>*</role-name>
>    </auth-constraint>
>  </security-constraint>
>
>And then I use struts to set the security roles for each 
>action. Although my logout action doesn't have any security 
>roles, the above config in the web.xml requires a user to be 
>authenticated before executing an action.
>
>What can I do to unprotect my logout action?
>
>
>
>--
>To unsubscribe, e-mail:   
><mailto:struts-user->unsubscribe@jakarta.apache.org>
>For 
>additional commands, 
>e-mail: <mailto:struts-user-help@jakarta.apache.org>
>
>


--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message