struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From olgt <o...@yahoo.com>
Subject Re: struts action url mapping and container managed authorization - help is needed, please !!
Date Wed, 28 Apr 2004 16:23:57 GMT
Did anybody used struts in the container managed
authentication environment ?

--- olgt <olgt@yahoo.com> wrote:
> Greetings to all -
> 
> I need to have a number of
> authentication/registration
> related actions to be available w/out container
> managed authentication. The problem is that
> ActionServlet can only have one mapping: 
> 
> 5.4.2 Configure the Action Servlet Mapping WARNING -
> Struts will not operate correctly if you define more
> than one <servlet-mapping> element for the
> controller
> servlet.
> 
> I use extension mapping since according to 5.4.2
> Configure the Action Servlet Mapping: WARNING - If
> you
> are using the new module support in Struts 1.1, you
> should be aware that only extension mapping is
> supported.
> 
> So, in web.xml I have this:
>   <servlet-mapping>
>     <servlet-name>action</servlet-name>
>     <url-pattern>*.do</url-pattern>
>   </servlet-mapping>
> 
>   <security-constraint>
>     <web-resource-collection>
>       <url-pattern>*.do</url-pattern>
>       <url-pattern>/jsp/*</url-pattern>
>     </web-resource-collection>
>   </security-constraint>
> 
> Do I have to now enumerate all of the secured
> actions
> here (instead of "*.do") in order to 'open' a few
> login/registration related ones ? What is the best
> practice to deal with this issue ?
> 
> Any ideas are greatly appreciated.
> Thanks
> Pavel
> 
> Note. Here is what I've tried in the past. I've
> created a new servlet and gave it a special mapping.
> This servlet gets a reference to the struts action
> servlet as
> 
> ActionServlet actionServlet =
>  
>
(ActionServlet)getServletContext().getAttribute(Globals.ACTION_SERVLET_KEY);
> 
> and then calls doGet/doPost on it. This way I can
> use
> multiple url mappings for the struts actions. 
> 
> This approach helped to get access to the actions
> outside of the struts framework (straight html
> get/post).
> 
> However, there is a  problem with this approach. 
> 
> If I map my proxy servlet using prefix mapping as
>   <servlet-mapping>
>     <servlet-name>publicProxy</servlet-name>
>     <url-pattern>/public/*</url-pattern>
>   </servlet-mapping>
> 
> then html:form tag 
>  <html:form action="/authenticate.public">
> will resolve into
>  <form name="loginForm" method="post"     
>     action="/mycontext/public/authenticate.do">
> which will cause the container authorization check
> 
> If I map my proxy servlet using extension mapping as
>   <servlet-mapping>
>     <servlet-name>publicProxy</servlet-name>
>     <url-pattern>*.public</url-pattern>
>   </servlet-mapping>
> 
> then html:form tag 
>  <html:form action="/authenticate.public">
> will cause the exception: 
>  Cannot retrieve mapping for action /authenticate
> 
> 
> 
> 	
> 		
> __________________________________
> Do you Yahoo!?
> Win a $20,000 Career Makeover at Yahoo! HotJobs  
> http://hotjobs.sweepstakes.yahoo.com/careermakeover 
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> user-unsubscribe@struts.apache.org
> For additional commands, e-mail:
> user-help@struts.apache.org
> 



	
		
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover 

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message