struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Hill" <andrew.david.h...@gridnode.com>
Subject RE: How can I make my logout page not secure?
Date Mon, 23 Sep 2002 11:18:27 GMT
Well, not if its protected ;-)
Really I suspect he is meaning to say "login" rather than "logout" (would
certainly make a lot more sense that way).

-----Original Message-----
From: Cliff Rowley [mailto:cliff@onsea.net]
Sent: Monday, September 23, 2002 19:08
To: 'Struts Users Mailing List'
Subject: RE: How can I make my logout page not secure?


Then surely it'd work properly?  If the user is logged in, the logout
wont be protected and it can log them out along the way .. If they're
not logged in, they'll get thrown a login screen .. Right?

>-----Original Message-----
>From: Andrew Hill [mailto:andrew.david.hill@gridnode.com]
>Sent: 23 September 2002 12:01
>To: Struts Users Mailing List
>Subject: RE: How can I make my logout page not secure?
>
>
>Perhaps his login & logout are the same action both forwarding
>to the login screen, and if already logged in, logging out
>along the way?
>
>-----Original Message-----
>From: Cliff Rowley [mailto:cliff@onsea.net]
>Sent: Monday, September 23, 2002 18:54
>To: 'Struts Users Mailing List'
>Subject: RE: How can I make my logout page not secure?
>
>
>Out of pure interest, why do you want logout unprotected?
>People who are logged out wont need to log out, will they?
>
>>-----Original Message-----
>>From: Michael [mailto:michael@idtect.com]
>>Sent: 23 September 2002 09:40
>>To: struts-user@jakarta.apache.org
>>Subject: How can I make my logout page not secure?
>>
>>
>>I'm using J2EE container managed security (in Tomcat).  I set
>up a rule
>>to protect all *.do actions.  The problem is my logout.do is
>protected
>>as well!
>>
>>In my web.xml I have:
>>
>>  <security-constraint>
>>    <web-resource-collection>
>>      <web-resource-name>All DO</web-resource-name>
>>      <url-pattern>*.do</url-pattern>
>>      <http-method>GET</http-method>
>>      <http-method>POST</http-method>
>>    </web-resource-collection>
>>    <auth-constraint>
>>      <role-name>*</role-name>
>>    </auth-constraint>
>>  </security-constraint>
>>
>>And then I use struts to set the security roles for each action.
>>Although my logout action doesn't have any security roles, the above
>>config in the web.xml requires a user to be authenticated before
>>executing an action.
>>
>>What can I do to unprotect my logout action?
>>
>>
>>
>>--
>>To unsubscribe, e-mail:
>><mailto:struts-user->unsubscribe@jakarta.apache.org>
>>For
>>additional commands,
>>e-mail: <mailto:struts-user-help@jakarta.apache.org>
>>
>>
>
>
>--
>To unsubscribe, e-mail:
><mailto:struts-user->unsubscribe@jakarta.apache.org>
>For
>additional commands,
>e-mail: <mailto:struts-user-help@jakarta.apache.org>
>
>
>--
>To unsubscribe, e-mail:
><mailto:struts-user->unsubscribe@jakarta.apache.org>
>For
>additional commands,
>e-mail: <mailto:struts-user-help@jakarta.apache.org>
>
>


--
To unsubscribe, e-mail:
<mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:struts-user-help@jakarta.apache.org>


--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message