struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gus <>
Subject Re: SecurityFilter and Struts modules
Date Tue, 17 Sep 2002 15:02:48 GMT
Max Cooper schrieb:
> I am not sure if this made it through before as it came up as a
> "recovered file" when I restarted my mail client. Sorry if this is a
> duplicate...

It was no duplicate - thanks for mailing again and for your hint.
After putting all security stuff in securityfilter-config.xml the 
error message is gone and authentication works.

The only thing I have to ask you again is a redirection which won't 
work as expected:
As I already told the login form is on every page. When I use the 
login form from the sub-app url
I'll get the error:
17.09.2002 16:55:03 org.apache.commons.logging.impl.Jdk14Logger error
FATAL: Invalid path /mainapp/subapp/docpool/showdocs was requested

I assume this has something to do with the sub-app because the correct 
redirection has to go to /showdocs which struts will translate to the 
above url.

Is there a solution to this problem?
(I'm using Tomcat 4.0.4 on Win2K, struts 1.1b1, security-filter 1.0b3)


> Gus, 
> That message seems to be coming from the web container (app server),
> which most likely means that you have configured your web app to use
> container based security. SecurityFilter is intened to be a replacement
> for container based security, so you need to turn container security off
> to use it. Cut and paste the security-related items from you web.xml
> into securityfilter-config.xml. There should be no security-related
> configuration items left in web.xml. 
> The other possibility is that the server does not allow any requests to
> j_security_check with container security on or off. If this seems to the
> case, what server are you using? 
> -Max 
> On Sun, 2002-09-15 at 23:41, gus wrote: 
>>I'm trying to use SecurityFilter in a Struts application with modules 
>>(sub-apps) while the login form is on every page of the whole application.
>>While in the main app authentication is fine. But when I try to submit 
>>the j_security_check form in one of the modules I receive the 
>>following error:
>>Configuration error: Cannot perform access control without an 
>>authenticated principal
>>Do you have any hints on that behaviour?
>>   gus

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message