struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cliff Rowley" <cl...@onsea.net>
Subject RE: How can I make my logout page not secure?
Date Mon, 23 Sep 2002 11:13:57 GMT
I was just curious as to why someone would want the logout process
unprotected that was all - I didn't mean anything by it.  Perhaps we
should stop speculating and wait for the original poster to pipe up :)

>-----Original Message-----
>From: Cliff Rowley [mailto:cliff@onsea.net] 
>Sent: 23 September 2002 12:08
>To: 'Struts Users Mailing List'
>Subject: RE: How can I make my logout page not secure?
>
>
>Then surely it'd work properly?  If the user is logged in, the 
>logout wont be protected and it can log them out along the way 
>.. If they're not logged in, they'll get thrown a login screen 
>.. Right?
>
>>-----Original Message-----
>>From: Andrew Hill [mailto:andrew.david.hill@gridnode.com]
>>Sent: 23 September 2002 12:01
>>To: Struts Users Mailing List
>>Subject: RE: How can I make my logout page not secure?
>>
>>
>>Perhaps his login & logout are the same action both forwarding
>>to the login screen, and if already logged in, logging out 
>>along the way?
>>
>>-----Original Message-----
>>From: Cliff Rowley [mailto:cliff@onsea.net]
>>Sent: Monday, September 23, 2002 18:54
>>To: 'Struts Users Mailing List'
>>Subject: RE: How can I make my logout page not secure?
>>
>>
>>Out of pure interest, why do you want logout unprotected?
>>People who are logged out wont need to log out, will they?
>>
>>>-----Original Message-----
>>>From: Michael [mailto:michael@idtect.com]
>>>Sent: 23 September 2002 09:40
>>>To: struts-user@jakarta.apache.org
>>>Subject: How can I make my logout page not secure?
>>>
>>>
>>>I'm using J2EE container managed security (in Tomcat).  I set
>>up a rule
>>>to protect all *.do actions.  The problem is my logout.do is
>>protected
>>>as well!
>>>
>>>In my web.xml I have:
>>>
>>>  <security-constraint>
>>>    <web-resource-collection>
>>>      <web-resource-name>All DO</web-resource-name>
>>>      <url-pattern>*.do</url-pattern>
>>>      <http-method>GET</http-method>
>>>      <http-method>POST</http-method>
>>>    </web-resource-collection>
>>>    <auth-constraint>
>>>      <role-name>*</role-name>
>>>    </auth-constraint>
>>>  </security-constraint>
>>>
>>>And then I use struts to set the security roles for each action.
>>>Although my logout action doesn't have any security roles, the above 
>>>config in the web.xml requires a user to be authenticated before 
>>>executing an action.
>>>
>>>What can I do to unprotect my logout action?
>>>
>>>
>>>
>>>--
>>>To unsubscribe, e-mail:
>>><mailto:struts-user->unsubscribe@jakarta.apache.org>
>>>For
>>>additional commands,
>>>e-mail: <mailto:struts-user-help@jakarta.apache.org>
>>>
>>>
>>
>>
>>--
>>To unsubscribe, e-mail:
>><mailto:struts-user->unsubscribe@jakarta.apache.org>
>>For 
>>additional commands, 
>>e-mail: <mailto:struts-user-help@jakarta.apache.org>
>>
>>
>>--
>>To unsubscribe, e-mail:   
>><mailto:struts-user->unsubscribe@jakarta.apache.org>
>>For
>>additional commands, 
>>e-mail: <mailto:struts-user-help@jakarta.apache.org>
>>
>>
>
>
>--
>To unsubscribe, e-mail:   
><mailto:struts-user->unsubscribe@jakarta.apache.org>
>For 
>additional commands, 
>e-mail: <mailto:struts-user-help@jakarta.apache.org>
>
>


--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message