Re: j_security_check
So I have got the demo to work, so I copied the .xml and java files accross to my own project and I get this javax.servlet.exception Error matching patterns Any idea what that is? I set it up the same as with the Catalina example. As in '/*' in web.xml and '/index.jsp' in security filter. Thanks in advance. Ronan. On Déardaoin, Már 20, 2003, at 00:20 Etc/GMT, Max Cooper wrote: You can also use SecurityFilter, a filter-based clone of container-managed security. It allows you to set a default page to take users to when they log in out of the blue. Container-managed security doesn't allow such login requests. http://securityfilter.sourceforge.net/ -Max - Original Message - From: Scott Barr [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, March 19, 2003 4:12 PM Subject: Re: j_security_check Hi Ronan You'll get this when you go directly to the page for the user to login. Instead, setup a resource that is protected by Container Managed Security eg. /userHome.do, which will then take you to your login page. Once login is successful, you will be fowarded on to /userHome.do Once you've got a logged in user via CMS, you can use Filters (if using a servlet 2.3 container) to make sure the users session is setup with all required objects. To log out, simply call session.invalidate() Regards Scott Barr www.exergonic.com.au On Thu, 2003-03-20 at 09:49, ronanoc wrote: I get this message when I am trying to login, and if I am already logged in too. Status 404 /mywebapp/j_security_check type Status report message /mywebapp/j_security_check description The requested resource (/mywebapp/j_security_check) is not available. How can I prevent this happening, and how can I logout, and log in again? Thanks. Ronan O'Ciosoig One Louder Recordings IRL Co. Dublin, Ireland. http://www.onelouder.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: j_security_check
Ronan, Please post the exception stack trace, or perhaps better yet, email your securityfilter-config.xml and the stack trace to me and I'll help track the problem down. It is likely that something is amiss in the securityfilter-config.xml file, so a quick (but careful) check of any areas you may have changed when setting it up for your app might get you to a solution the fastest. -Max - Original Message - From: ronanoc [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, March 31, 2003 5:38 AM Subject: Re: j_security_check So I have got the demo to work, so I copied the .xml and java files accross to my own project and I get this javax.servlet.exception Error matching patterns Any idea what that is? I set it up the same as with the Catalina example. As in '/*' in web.xml and '/index.jsp' in security filter. Thanks in advance. Ronan. On Déardaoin, Már 20, 2003, at 00:20 Etc/GMT, Max Cooper wrote: You can also use SecurityFilter, a filter-based clone of container-managed security. It allows you to set a default page to take users to when they log in out of the blue. Container-managed security doesn't allow such login requests. http://securityfilter.sourceforge.net/ -Max - Original Message - From: Scott Barr [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, March 19, 2003 4:12 PM Subject: Re: j_security_check Hi Ronan You'll get this when you go directly to the page for the user to login. Instead, setup a resource that is protected by Container Managed Security eg. /userHome.do, which will then take you to your login page. Once login is successful, you will be fowarded on to /userHome.do Once you've got a logged in user via CMS, you can use Filters (if using a servlet 2.3 container) to make sure the users session is setup with all required objects. To log out, simply call session.invalidate() Regards Scott Barr www.exergonic.com.au On Thu, 2003-03-20 at 09:49, ronanoc wrote: I get this message when I am trying to login, and if I am already logged in too. Status 404 /mywebapp/j_security_check type Status report message /mywebapp/j_security_check description The requested resource (/mywebapp/j_security_check) is not available. How can I prevent this happening, and how can I logout, and log in again? Thanks. Ronan O'Ciosoig One Louder Recordings IRL Co. Dublin, Ireland. http://www.onelouder.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: j_security_check
Hi Ronan You'll get this when you go directly to the page for the user to login. Instead, setup a resource that is protected by Container Managed Security eg. /userHome.do, which will then take you to your login page. Once login is successful, you will be fowarded on to /userHome.do Once you've got a logged in user via CMS, you can use Filters (if using a servlet 2.3 container) to make sure the users session is setup with all required objects. To log out, simply call session.invalidate() Regards Scott Barr www.exergonic.com.au On Thu, 2003-03-20 at 09:49, ronanoc wrote: I get this message when I am trying to login, and if I am already logged in too. Status 404 /mywebapp/j_security_check type Status report message /mywebapp/j_security_check description The requested resource (/mywebapp/j_security_check) is not available. How can I prevent this happening, and how can I logout, and log in again? Thanks. Ronan O'Ciosoig One Louder Recordings IRL Co. Dublin, Ireland. http://www.onelouder.org
Re: j_security_check
You can also use SecurityFilter, a filter-based clone of container-managed security. It allows you to set a default page to take users to when they log in out of the blue. Container-managed security doesn't allow such login requests. http://securityfilter.sourceforge.net/ -Max - Original Message - From: Scott Barr [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, March 19, 2003 4:12 PM Subject: Re: j_security_check Hi Ronan You'll get this when you go directly to the page for the user to login. Instead, setup a resource that is protected by Container Managed Security eg. /userHome.do, which will then take you to your login page. Once login is successful, you will be fowarded on to /userHome.do Once you've got a logged in user via CMS, you can use Filters (if using a servlet 2.3 container) to make sure the users session is setup with all required objects. To log out, simply call session.invalidate() Regards Scott Barr www.exergonic.com.au On Thu, 2003-03-20 at 09:49, ronanoc wrote: I get this message when I am trying to login, and if I am already logged in too. Status 404 /mywebapp/j_security_check type Status report message /mywebapp/j_security_check description The requested resource (/mywebapp/j_security_check) is not available. How can I prevent this happening, and how can I logout, and log in again? Thanks. Ronan O'Ciosoig One Louder Recordings IRL Co. Dublin, Ireland. http://www.onelouder.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: j_security_check
Hi Max I've really got to investigate the securityfilter for my next project :) Scott Barr www.exergonic.com.au On Thu, 2003-03-20 at 10:50, Max Cooper wrote: You can also use SecurityFilter, a filter-based clone of container-managed security. It allows you to set a default page to take users to when they log in out of the blue. Container-managed security doesn't allow such login requests. http://securityfilter.sourceforge.net/ -Max - Original Message - From: Scott Barr [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, March 19, 2003 4:12 PM Subject: Re: j_security_check Hi Ronan You'll get this when you go directly to the page for the user to login. Instead, setup a resource that is protected by Container Managed Security eg. /userHome.do, which will then take you to your login page. Once login is successful, you will be fowarded on to /userHome.do Once you've got a logged in user via CMS, you can use Filters (if using a servlet 2.3 container) to make sure the users session is setup with all required objects. To log out, simply call session.invalidate() Regards Scott Barr www.exergonic.com.au On Thu, 2003-03-20 at 09:49, ronanoc wrote: I get this message when I am trying to login, and if I am already logged in too. Status 404 /mywebapp/j_security_check type Status report message /mywebapp/j_security_check description The requested resource (/mywebapp/j_security_check) is not available. How can I prevent this happening, and how can I logout, and log in again? Thanks. Ronan O'Ciosoig One Louder Recordings IRL Co. Dublin, Ireland. http://www.onelouder.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: j_security_check with LogonAction
2003. január 31. 01:06 dátummal MarwanSalam ezt írtad: Hi, I am trying to use j_security_check Servlet to authenticate users from a login.jsp. However, if I do this, I will not be able to take advantage of LogonAction class where I need to set certain session and request attributes. If I submit the logon form to LogonAction, I I have a filter which checks wheter the required information is or is not stored in session. If not, it loads and stores. Tib - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: j_security_check with LogonAction
Hello, What I have done is like: 1) I forward the user to ActionClass after the LoginPage (not the default one but to the coustom one). 2) In this action class I set all the parameters that I require. 3) After this I forward the user to the j_security_check part. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 31, 2003 5:36 AM Subject: j_security_check with LogonAction Hi, I am trying to use j_security_check Servlet to authenticate users from a login.jsp. However, if I do this, I will not be able to take advantage of LogonAction class where I need to set certain session and request attributes. If I submit the logon form to LogonAction, I can forward the request from LogonAction to j_security_check but the request object will stay there and I can not forward again using mapping.findForward(success) to a different page since the response is already commited at that point. Is there a way to work around this? Marwan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: j_security_check with LogonAction
Hi I think the solution to this is to make LoginAction.do a protected resource. Any attempt to access LoginAction.do will cause your login page to be displayed and following sucessful authentication, you can complete the action in LoginAction.do - including forwards to your chosen page. db -Original Message- From: MarwanSalam [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: 31 January 2003 00:06 To: [EMAIL PROTECTED] Subject: j_security_check with LogonAction Hi, I am trying to use j_security_check Servlet to authenticate users from a login.jsp. However, if I do this, I will not be able to take advantage of LogonAction class where I need to set certain session and request attributes. If I submit the logon form to LogonAction, I can forward the request from LogonAction to j_security_check but the request object will stay there and I can not forward again using mapping.findForward(success) to a different page since the response is already commited at that point. Is there a way to work around this? Marwan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: j_security_check with LogonAction
I usually create an ActionFilter that maps to the same url-pattern as my Action class. You can then set a userForm or token in the session if it's null, and that way you'll know if they just logged in or not. Seems to work pretty well for me. Here's an example: http://tinyurl.com/55an HTH, Matt -Original Message- From: MarwanSalam [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 30, 2003 5:06 PM To: [EMAIL PROTECTED] Subject: j_security_check with LogonAction Hi, I am trying to use j_security_check Servlet to authenticate users from a login.jsp. However, if I do this, I will not be able to take advantage of LogonAction class where I need to set certain session and request attributes. If I submit the logon form to LogonAction, I can forward the request from LogonAction to j_security_check but the request object will stay there and I can not forward again using mapping.findForward(success) to a different page since the response is already commited at that point. Is there a way to work around this? Marwan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: j_security_check
Dont use struts html:something tags inside your form. bean:message and such are ok. Otherwise, it thinks you want to use an ActionForm. Mike - Original Message - From: Darren Hill [EMAIL PROTECTED] To: 'Struts Users Mailing List' [EMAIL PROTECTED] Sent: Monday, November 18, 2002 2:21 PM Subject: j_security_check Wow. I had this working awesome ... now I get a HTTP ERROR: 404 Not Found RequestURI=/CMWeb/WEB-INF/pages/j_security_check from the following jsp form method=POST action=j_security_check trtd colspan=2/td/tr trtdbean:message key=login.page.form.email.label//tdtdinput type=text name=j_username/td/tr trtdbean:message key=login.page.form.password.label//tdtdinput type=password name=j_password/td/tr trtd colspan=2html:submitbean:message key=login.page.form.submit.label//html:submit/td/tr /form Its obvious that struts is trying to locate the action 'j_security_check' in the struts-config.xml file ... Is there a way I can get Struts to ignore this ( not look it up ) so that the container can capture this request? Darren. P.S. I DID search the archives with no lucl. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: j_security_check
Wow. I had this working awesome ... now I get a HTTP ERROR: 404 Not Found RequestURI=/CMWeb/WEB-INF/pages/j_security_check This doesn't look right. Couple of possibilities I can think of. 1. Doublecheck that you have form based authentication enabled in your web.xml 2. Try changing your form to use /j_security_check -TPP -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: j_security_check
2002-11-18, h keltezssel Darren Hill ezt rta: Wow. I had this working awesome ... now I get a I never had this phenomenon before however I use extension mapping so j_security_check never matches *.do. Tib -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: j_security_check
Darren, Try completely cleaning your login form of Struts tags. When you get that to work, add them back slowly to see which ones are giving the problem. I've found that I can put a login form using j_security_check inside a Struts tile, but using Struts tags caused problems for me of the sort you are having. I haven't gone deeper than that, it's something I want to figure out some day, but it works fine for now. (I'd like to go get a beer or out in the sunshine someday too, so you can imagine how this one stacks up on the list ;) hth, -b -Original Message- From: Darren Hill [mailto:[EMAIL PROTECTED]] Sent: Monday, November 18, 2002 2:21 PM To: 'Struts Users Mailing List' Subject: j_security_check Wow. I had this working awesome ... now I get a HTTP ERROR: 404 Not Found RequestURI=/CMWeb/WEB-INF/pages/j_security_check from the following jsp form method=POST action=j_security_check trtd colspan=2/td/tr trtdbean:message key=login.page.form.email.label//tdtdinput type=text name=j_username/td/tr trtdbean:message key=login.page.form.password.label//tdtdinput type=password name=j_password/td/tr trtd colspan=2html:submitbean:message key=login.page.form.submit.label//html:submit/td/tr /form Its obvious that struts is trying to locate the action 'j_security_check' in the struts-config.xml file ... Is there a way I can get Struts to ignore this ( not look it up ) so that the container can capture this request? Darren. P.S. I DID search the archives with no lucl. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: j_security_check
Thank you all for your input. I've found the problem ... the base tag in my HTML. One way I figured this out was, upon submitting from the form, there was no response from either my ActionServlet or RequestProssesor. Peculiar. Then I noticed the error I was receiving was trying to find the j_security_check some where other then what I put in the action. Anyway, I remove the base tag and all is well. Thanks again for everyone's input and thoughts. I hope this helps out other people. D. -Original Message- From: Brian Topping [mailto:[EMAIL PROTECTED]] Sent: November 18, 2002 9:48 PM To: Struts Users Mailing List Subject: RE: j_security_check Darren, Try completely cleaning your login form of Struts tags. When you get that to work, add them back slowly to see which ones are giving the problem. I've found that I can put a login form using j_security_check inside a Struts tile, but using Struts tags caused problems for me of the sort you are having. I haven't gone deeper than that, it's something I want to figure out some day, but it works fine for now. (I'd like to go get a beer or out in the sunshine someday too, so you can imagine how this one stacks up on the list ;) hth, -b -Original Message- From: Darren Hill [mailto:[EMAIL PROTECTED]] Sent: Monday, November 18, 2002 2:21 PM To: 'Struts Users Mailing List' Subject: j_security_check Wow. I had this working awesome ... now I get a HTTP ERROR: 404 Not Found RequestURI=/CMWeb/WEB-INF/pages/j_security_check from the following jsp form method=POST action=j_security_check trtd colspan=2/td/tr trtdbean:message key=login.page.form.email.label//tdtdinput type=text name=j_username/td/tr trtdbean:message key=login.page.form.password.label//tdtdinput type=password name=j_password/td/tr trtd colspan=2html:submitbean:message key=login.page.form.submit.label//html:submit/td/tr /form Its obvious that struts is trying to locate the action 'j_security_check' in the struts-config.xml file ... Is there a way I can get Struts to ignore this ( not look it up ) so that the container can capture this request? Darren. P.S. I DID search the archives with no lucl. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: j_security_check, jaas and weblogic 6.1
JAAS is not relevant if you're using container-managed security. You'll need to set up users in whatever user database your container (WebLogic in your case) provides. Struts also has nothing to do with this -- although you can use role information with tags like logic:present or the roles attribute on an action if you want to. JAAS would only be relevant if you wanted to do application-managed security instead, or if you were implementing the container itself. Craig On Mon, 26 Aug 2002, Michael Lee wrote: Date: Mon, 26 Aug 2002 12:21:12 -0400 From: Michael Lee [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Subject: j_security_check, jaas and weblogic 6.1 I have to do security for the company I am at. I have never used j_security_check, jaas or weblogic 6.1 RDBMS (we have a database for authentication/authorization). I read all through the examples on j_security_check, jaas and WLS RDBMS out there I could get my hands on. There seems to be no good real world examples of how to tie all these together. The reason I'm having an issue is struts is the middle man, the controller so he is key to it all. I know i configure j_security_check in my web.xml to point to use form authentication, i know all about deployment descriptor configuration for ejb, war, etc. This is not the problem. I don't see how JAAS fits into j_security_check? I also dont see how struts fits into it either? Do I need to also add a login.do? I need to get the locale for the user from the database and figured I would do this at the login. JAAS wants LoginContext.login(), most j2ee say j_security_check and struts examples have login.do (this is the way I've typically done it). Help! I can't find any real world examples to tie all these together! thanks! Mike Lee -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: j_security_check, jaas and weblogic 6.1
Thank you! You are the ONLY place I've heard this! Now everything seems to make more sense. I was just going to use j_security_check hooked into Weblogic RDBMS and put the user in the session for authentication from there on in (JNDI security to EJB). So this looks like the right path? No offense, but is this right? BEA recommends you use JAAS all over the place. I'm mainly going to use ACL in the deployment descriptors for my web app and ejbs. I also noticed that almost all JAAS implementations were at the java client layer. Few were servlets, etc. This would make sense with what your saying because no container would exist at a pure java client layer (such as with the JAAS RMI example that comes with weblogic). BTW, EXCELLENT job with struts Craig and team. I have 2 systems IN PRODUCTION! using struts. They wrote one at the job I'm at and I recommended struts to replace it. We are now going full steam ahead with struts! thanks, Mike Lee - Original Message - From: Craig R. McClanahan [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, August 26, 2002 12:52 PM Subject: Re: j_security_check, jaas and weblogic 6.1 JAAS is not relevant if you're using container-managed security. You'll need to set up users in whatever user database your container (WebLogic in your case) provides. Struts also has nothing to do with this -- although you can use role information with tags like logic:present or the roles attribute on an action if you want to. JAAS would only be relevant if you wanted to do application-managed security instead, or if you were implementing the container itself. Craig On Mon, 26 Aug 2002, Michael Lee wrote: Date: Mon, 26 Aug 2002 12:21:12 -0400 From: Michael Lee [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Subject: j_security_check, jaas and weblogic 6.1 I have to do security for the company I am at. I have never used j_security_check, jaas or weblogic 6.1 RDBMS (we have a database for authentication/authorization). I read all through the examples on j_security_check, jaas and WLS RDBMS out there I could get my hands on. There seems to be no good real world examples of how to tie all these together. The reason I'm having an issue is struts is the middle man, the controller so he is key to it all. I know i configure j_security_check in my web.xml to point to use form authentication, i know all about deployment descriptor configuration for ejb, war, etc. This is not the problem. I don't see how JAAS fits into j_security_check? I also dont see how struts fits into it either? Do I need to also add a login.do? I need to get the locale for the user from the database and figured I would do this at the login. JAAS wants LoginContext.login(), most j2ee say j_security_check and struts examples have login.do (this is the way I've typically done it). Help! I can't find any real world examples to tie all these together! thanks! Mike Lee -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: j_security_check, jaas and weblogic 6.1
On Mon, 26 Aug 2002, Michael Lee wrote: Date: Mon, 26 Aug 2002 14:29:44 -0400 From: Michael Lee [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Subject: Re: j_security_check, jaas and weblogic 6.1 Thank you! You are the ONLY place I've heard this! Now everything seems to make more sense. I was just going to use j_security_check hooked into Weblogic RDBMS and put the user in the session for authentication from there on in (JNDI security to EJB). So this looks like the right path? If BEA did things correctly, you shouldn't have to do anything special about saving the user in the session for EJB authentication -- the same user identity should be carried over automatically. No offense, but is this right? BEA recommends you use JAAS all over the place. I'm mainly going to use ACL in the deployment descriptors for my web app and ejbs. I also noticed that almost all JAAS implementations were at the java client layer. Few were servlets, etc. This would make sense with what your saying because no container would exist at a pure java client layer (such as with the JAAS RMI example that comes with weblogic). JAAS is what I'd use if I was writing the back end of WebLogic's servlet container. But web applications that run inside the container should not have to know anything about it. As you note, client apps don't have that kind of container support, so a roll your own solution based on JAAS makes more sense there. BTW, EXCELLENT job with struts Craig and team. I have 2 systems IN PRODUCTION! using struts. They wrote one at the job I'm at and I recommended struts to replace it. We are now going full steam ahead with struts! thanks, Mike Lee Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: 'j_security_check' and unsecured resource access
1. login successfully using 'j_security_check'; 2. the next request happens to be to an unsecured url (e.g. /do/frontpage (with no restrictions in web.xml) -- DispatchServlet -- user.frontpage (tiles)) ; 3. the request methods 'getUserPrincipal()', 'isUserInRole()' and 'getRemoteUser()' tell me the user is not logged in (in DispatchServlet)! (I'm using jboss244+tomcat401, struts1.0, tiles) I don't know how JBoss behaves, but this is exactly how WebSphere behaves. -TPP -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: j_security_check
I'm on the phone with IBM at this moment. The scoop I got from searching the WEbsphere newsgroup was that 4.02 broke the forwarding for form-based security. That's what I was experiencing, and the message said that the fix was only available by calling IBM support. Supposedly efix PQ56667 fixes the problem. That's what I'm trying to get right now. I'll let you know if it works. I'm also experiencing problems (documented on this list) in that WebSphere handles responseRedirects differently than tomcat (you end up with duplicate context roots in the path ( like http://myapp.com/root/root/do/action ). I'd be curious if anyone has a workaround for this other than the Struts source patch suggested earlier. Lee -Original Message- From: Dave J Dandeneau [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 19, 2002 11:18 AM To: Struts Users Mailing List Cc: Tero P Paananen Subject: j_security_check We're currently implementing an application using Struts on WebSphere. We're running into some issues regarding J2EE security (j_security_check et.al.). Are there other folks on the list who have implemented applications using Struts with WebSphere and have done work with J2EE security? We're having a hard time getting IBM to verify our approach(es) to problems we're facing (basically they want to sell us consulting work to answer a yes/no question). We'd love to hear from somebody on the list who's gone/going through the same thing. Thanks -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: j_security_check form authentication controlled in WAR context?
On Thu, 15 Mar 2001, Richard Yumul wrote: Is there a way to define the authenticating class within the WAR context? I like the way SimpleRealm JDBCRealm work, automatically protecting every resource matching a regex. However if I need a custom realm, I'd really prefer to have it be deployable in the war (would work across servlet containers) not have to customize tomcat. If not, how are other people getting around this, other than putting a custom tag (or something) on every jsp page? There is no portable API in the servlet spec defining how a container should talk to the authentication realm. This was considered in the process leading up to the 2.3 (proposed final draft) spec, but we didn't have time to settle on a standardized interface :-(. Thus, you are stuck having to conform to the APIs that each container provides for this purpose (for example, in Tomcat you would build your own Realm implementation). However, your apps themselves would all be portable. TIA, Rich Craig McClanahan