struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Hill" <andrew.david.h...@gridnode.com>
Subject RE: How can I make my logout page not secure?
Date Mon, 23 Sep 2002 11:01:02 GMT
Perhaps his login & logout are the same action both forwarding to the login
screen, and if already logged in, logging out along the way?

-----Original Message-----
From: Cliff Rowley [mailto:cliff@onsea.net]
Sent: Monday, September 23, 2002 18:54
To: 'Struts Users Mailing List'
Subject: RE: How can I make my logout page not secure?


Out of pure interest, why do you want logout unprotected?  People who
are logged out wont need to log out, will they?

>-----Original Message-----
>From: Michael [mailto:michael@idtect.com]
>Sent: 23 September 2002 09:40
>To: struts-user@jakarta.apache.org
>Subject: How can I make my logout page not secure?
>
>
>I'm using J2EE container managed security (in Tomcat).  I set
>up a rule to protect all *.do actions.  The problem is my
>logout.do is protected as well!
>
>In my web.xml I have:
>
>  <security-constraint>
>    <web-resource-collection>
>      <web-resource-name>All DO</web-resource-name>
>      <url-pattern>*.do</url-pattern>
>      <http-method>GET</http-method>
>      <http-method>POST</http-method>
>    </web-resource-collection>
>    <auth-constraint>
>      <role-name>*</role-name>
>    </auth-constraint>
>  </security-constraint>
>
>And then I use struts to set the security roles for each
>action. Although my logout action doesn't have any security
>roles, the above config in the web.xml requires a user to be
>authenticated before executing an action.
>
>What can I do to unprotect my logout action?
>
>
>
>--
>To unsubscribe, e-mail:
><mailto:struts-user->unsubscribe@jakarta.apache.org>
>For
>additional commands,
>e-mail: <mailto:struts-user-help@jakarta.apache.org>
>
>


--
To unsubscribe, e-mail:
<mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:struts-user-help@jakarta.apache.org>


--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message