RE: Security, authentication and authorisation with Struts
I would highly recommend looking at JAAS for authentication/authorization. I'm using it in conjunction with Struts right now (using JBoss/Tomcat) and everything is working fine. I'm still in development and haven't gone live yet, but so far so good. JAAS takes a little while to get your head around. Lots of terminology to decipher. But the promise of implementation independent security in your application was worth it for me. It's pretty straight forward in JBoss, but again it'll take you some time reading and playing with it before it starts making sense. See http://java.sun.com/products/jaas/index-10.html for more details. -ryan -Original Message- From: Prior, Simon To: '[EMAIL PROTECTED]' Sent: 8/24/2001 8:11 AM Subject: Security, authentication and authorisation with Struts Hi Guys, I wondered what approach you guys took when implementing security, authentication and authorisation. I have the common scenario where the application I am creating allocates roles to certain types of users, allows them to login, then restricts access to certain pages and within the pages certain content. As this is a very common problem/scenario I wondered what approach you guys took when using Struts. Do you utilise container managed security or do you use application managed security? - what have you found works best with Struts? Does anyone have any suggestions or example applications I could take a look at? Thanks in advance, Simon. For optimum solutions that save you time, visit www.ds-s.com.
Cannot retrieve mapping for action /j_security_check
Hello all, I looked in the archives but couldn't find an answer to my question. I'd like to convert my working form-based login page to use struts' html form taglib. I get the following Exception when trying to load login.jsp: javax.servlet.ServletException: Cannot retrieve mapping for action /j_security_check I was hoping someone could help out with the conversion. This works: form name=login action=j_security_check method=POST table border=3 cellpadding=2 cellspacing=2 align=center tr th align=rightUsername:/th tdinput type=text name=j_username size=20/td /tr tr th align=rightPassword:/th tdinput type=password name=j_password size=20/td /tr tr align=center td colspan=2input type=submit value=Login/td /tr /table /form This does not: html:form action=j_security_check focus=j_username table border=3 cellpadding=2 cellspacing=2 align=center tr th align=rightUsername:/th tdhtml:text property=j_username//td /tr tr th align=rightPassword:/th tdhtml:password property=j_password//td /tr tr align=center td colspan=2html:submitLogin/html:submit/td /tr /table /html:form I'm hoping all I need to do is add an entry in struts-config.xml, but I'm not sure what that entry should be. Any help would be appreciated. -ryan
RE: Cannot retrieve mapping for action /j_security_check
Thanks for the quick reply but this seems like too much work just to get some consistency across my .jsp forms. I would think there would be a way for struts to let forms posted to j_security_check pass through to the servlet container instead of the normal Action classes. I want the container, not Struts, to do my authentication/authorization. Thanks for the help though. -ryan -Original Message- From: Jay Patel To: '[EMAIL PROTECTED]' Sent: 8/24/2001 3:41 PM Subject: RE: Cannot retrieve mapping for action /j_security_check You will need to add the Action mapping in your struts-config.xml file. You will also need the form-bean mapping that your form will use to pass the form data to the action class. Here is an example. form-beans !-- Loin form bean -- form-bean name=loginForm type=com.dextera.examples.forms.LoginForm/ /form-beans action-mappings !-- Process a user login -- actionpath=/login type=com.dextera.examples.actions.LoginAction name=loginForm scope=request input=/login.jsp forward name=success path=/home.jsp/ /action-mappings All in all you will need the following: 1. A form bean to carry the data 2. Action servlet to perform your action 3. Form bean declaration in struts-config 4. Action mapping in struts-config Good luck. Jay Patel 972-701-9773 972-849-0373 Mobile [EMAIL PROTECTED] -Original Message- From: Shriver, Ryan [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 2:26 PM To: '[EMAIL PROTECTED]' Subject: Cannot retrieve mapping for action /j_security_check Hello all, I looked in the archives but couldn't find an answer to my question. I'd like to convert my working form-based login page to use struts' html form taglib. I get the following Exception when trying to load login.jsp: javax.servlet.ServletException: Cannot retrieve mapping for action /j_security_check I was hoping someone could help out with the conversion. This works: form name=login action=j_security_check method=POST table border=3 cellpadding=2 cellspacing=2 align=center tr th align=rightUsername:/th tdinput type=text name=j_username size=20/td /tr tr th align=rightPassword:/th tdinput type=password name=j_password size=20/td /tr tr align=center td colspan=2input type=submit value=Login/td /tr /table /form This does not: html:form action=j_security_check focus=j_username table border=3 cellpadding=2 cellspacing=2 align=center tr th align=rightUsername:/th tdhtml:text property=j_username//td /tr tr th align=rightPassword:/th tdhtml:password property=j_password//td /tr tr align=center td colspan=2html:submitLogin/html:submit/td /tr /table /html:form I'm hoping all I need to do is add an entry in struts-config.xml, but I'm not sure what that entry should be. Any help would be appreciated. -ryan
Struts Design Question
Hello all, I downloaded Struts last week and have enjoyed playing with it. I've come upon a design problem and I was hoping some folks on this list could help solve it. I've had no luck finding an answer in the mail archives. I want to maintain a list of songs. Through a web interface, I want to add a new song, edit information about an existing song (composer, artist, etc) and also delete a song. Under the covers this will do some sort of database insert, update and delete, respectively. The forms for adding a new song and editing an existing song are practically identical. They contain the same field names with the difference being edit pre-populates the fields with the existing values of a song whereas the fields are blank for add. Question #1: Can one ActionForm suffice for both add and edit form pages? My gut says yes, but I want to make sure. Actions. In the simplest scenario, I could create separate actions for all operations. I'd have AddSongAction, EditSongAction and DeleteSongAction classes each with their own logic in perform(). This would work, but there's something that bothers me about having three different classes performing operations on one entity. It seems like overkill. DispatchActions. I saw the post about using DispatchAction to have multiple methods in a single Action class. I really like this approach, as I could have insert, update and delete methods in my Action class. However, the input= attribute in the action mapping definition (in struts-config.xml) is shared for all of them. So if I have separate addsong.jsp and editsong.jsp form pages sharing the same Action, and a validation error occurs, Struts can only return to one (whatever input= is). So this won't work. Question #2: Is there a happy medium between these two approaches? One idea that I haven't worked through is using one songform.jsp page for add/edit/delete. Calling songform.jsp?method=add would produce a blank page for entering a new song. Songform.jsp?method=editid=1234 would populate the form with values from a song whose id = 1234. From here one could edit or delete the selected song. In Struts I'd use the DispatchAction to pass all add/edit/delete requests to one Action class. Because all were using the same form, the input= attribute problem above would be avoided. Question #3: Will this approach work? Can anyone offer a better solution for this problem? Thanks for the feedback. -ryan