struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From olgt <o...@yahoo.com>
Subject struts action url mapping and container managed authorization
Date Wed, 28 Apr 2004 14:16:51 GMT
Greetings to all -

I need to have a number of authentication/registration
related actions to be available w/out container
managed authentication. The problem is that
ActionServlet can only have one mapping: 

5.4.2 Configure the Action Servlet Mapping WARNING -
Struts will not operate correctly if you define more
than one <servlet-mapping> element for the controller
servlet.

I use extension mapping since according to 5.4.2
Configure the Action Servlet Mapping: WARNING - If you
are using the new module support in Struts 1.1, you
should be aware that only extension mapping is
supported.

So, in web.xml I have this:
  <servlet-mapping>
    <servlet-name>action</servlet-name>
    <url-pattern>*.do</url-pattern>
  </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
      <url-pattern>*.do</url-pattern>
      <url-pattern>/jsp/*</url-pattern>
    </web-resource-collection>
  </security-constraint>

Do I have to now enumerate all of the secured actions
here (instead of "*.do") in order to 'open' a few
login/registration related ones ? What is the best
practice to deal with this issue ?

Any ideas are greatly appreciated.
Thanks
Pavel

Note. Here is what I've tried in the past. I've
created a new servlet and gave it a special mapping.
This servlet gets a reference to the struts action
servlet as

ActionServlet actionServlet =
 
(ActionServlet)getServletContext().getAttribute(Globals.ACTION_SERVLET_KEY);

and then calls doGet/doPost on it. This way I can use
multiple url mappings for the struts actions. 

This approach helped to get access to the actions
outside of the struts framework (straight html
get/post).

However, there is a  problem with this approach. 

If I map my proxy servlet using prefix mapping as
  <servlet-mapping>
    <servlet-name>publicProxy</servlet-name>
    <url-pattern>/public/*</url-pattern>
  </servlet-mapping>

then html:form tag 
 <html:form action="/authenticate.public">
will resolve into
 <form name="loginForm" method="post"     
    action="/mycontext/public/authenticate.do">
which will cause the container authorization check

If I map my proxy servlet using extension mapping as
  <servlet-mapping>
    <servlet-name>publicProxy</servlet-name>
    <url-pattern>*.public</url-pattern>
  </servlet-mapping>

then html:form tag 
 <html:form action="/authenticate.public">
will cause the exception: 
 Cannot retrieve mapping for action /authenticate



	
		
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover 

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message