struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sipe Informática <desarro...@sipeinformatica.com>
Subject Using Tomcat declarative security for my app
Date Wed, 24 Mar 2004 14:40:24 GMT
Hi!, first of all excuse my poor english... I have this problem:

My idea for securing my app was using Tomcat, so i have two directories: 
administrator and user, with their own jsp's.
In the web.xml i was pretending to do this:

 
    <servlet-mapping>
        <servlet-name>action</servlet-name>
        <url-pattern>/administrator/*.do</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>action</servlet-name>
        <url-pattern>/user/*.do</url-pattern>
    </servlet-mapping>

and protrect administrative and user directories with tomcat:

<security-constraint>
        <web-resource-collection>
            <web-resource-name>
                Menu Administrador
            </web-resource-name>
            <url-pattern>
                /administrator/*
            </url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>administrador</role-name>
        </auth-constraint>
    </security-constraint>
   
        <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>
                /pagLogin.jsp
            </form-login-page>
            <form-error-page>
                /errorLogin.jsp
            </form-error-page>
        </form-login-config>
        </login-config>
   
  But, even it seems to login correctly, always returns to me a 400 
error (Invalid path) and I can`t access to any .do...
that <url-pattern> is correct? can i filter by /administrator/*.do? (I 
have tried also by /administrator/ and returns de same message).

---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message