RES: RES: Struts and Tomcat JDBC Realms

2003-10-13 Thread Michel Bertrand
Thanks for all ... I found the problem and it was in my code ...

Regards,
Michel.

-Original Message-
From: Adam Hardy [mailto:[EMAIL PROTECTED]
Sent: Saturday, 11 October 2003 08:44
To: Struts Users Mailing List
Subject: Re: RES: Struts and Tomcat JDBC Realms


On 10/10/2003 07:45 PM Michel Bertrand wrote:
> Thanks for your answer. Now I understood what's happening (I hope so) ...
> 
> I have a "multipart/form-data" and it has in its action a forward to
> a common text form, like:
> 
> 
> 
> I believe when it reaches the redirect="true", Struts clears the
> request attributes and loses my user. So I have the authentication
> & authorization problem that you advised me about. Am I right?
> I really need to have the parameter "redirect" because without
> it I have the MultipartIterator error.
> 
> How could I work around this situation? Is it possible to maintain the
> user after the redirect?
> 
> And what about setting the roles for my actions? I could simply
> do:
> 
>   type="com.ecommerce.album.PhotoUploadAction"
>  name="uploadForm"
>  scope="request"
>  validate="true"
>  role="user" <<<<<<<<<<<< Here ?
>  input="/album/upload.jsp">
> 
> Thanks in advance and regards ...
> Michel.

I am still not sure what security mechanism you are using, but if you 
are working with tomcat's (or whichever server's) container-managed 
security, a user login will set up a session for the user with an ID, 
the user name and the user roles. These are accessible via the request 
or session object.

They won't be lost if you do a redirect.

The action mapping's role attribute will only work like your example 
above if you are using this. If you have a manually coded login module 
for security, it won't work.

So your user object which you lose during a redirect is actually not 
something you can use for the struts authorization, only for your own 
purposes.

You should set up your user object by getting the login name from the 
request as I mentioned above, and you should store it in the session, so 
it won't be lost between requests.

Good luck,
Adam
-- 
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





Re: RES: Struts and Tomcat JDBC Realms

2003-10-11 Thread Adam Hardy
On 10/10/2003 07:45 PM Michel Bertrand wrote:
> Thanks for your answer. Now I understood what's happening (I hope so) ...
> 
> I have a "multipart/form-data" and it has in its action a forward to
> a common text form, like:
> 
> 
> I believe when it reaches the redirect="true", Struts clears the
> request attributes and loses my user. So I have the authentication
> & authorization problem that you advised me about. Am I right?
> I really need to have the parameter "redirect" because without
> it I have the MultipartIterator error.
> 
> How could I work around this situation? Is it possible to maintain the
> user after the redirect?
> And what about setting the roles for my actions? I could simply
> do:
> 
> Thanks in advance and regards ...
> Michel.

I am still not sure what security mechanism you are using, but if you 
are working with tomcat's (or whichever server's) container-managed 
security, a user login will set up a session for the user with an ID, 
the user name and the user roles. These are accessible via the request 
or session object.

They won't be lost if you do a redirect.

The action mapping's role attribute will only work like your example 
above if you are using this. If you have a manually coded login module 
for security, it won't work.

So your user object which you lose during a redirect is actually not 
something you can use for the struts authorization, only for your own 
purposes.

You should set up your user object by getting the login name from the 
request as I mentioned above, and you should store it in the session, so 
it won't be lost between requests.

Good luck,
Adam
--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9
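
The approach described in the reply above, sketched as an added example that is not part of the original thread: a Struts 1.1 action that takes the login name from the container-authenticated request and keeps the application's user object in the session. It assumes container-managed security is already configured; `SessionUserAction`, `AppUser`, `USER_KEY` and the `success` forward are hypothetical names.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

// Added example: SessionUserAction, AppUser, USER_KEY and the "success"
// forward are hypothetical names, not taken from the thread.
public class SessionUserAction extends Action {

    public static final String USER_KEY = "app.currentUser";

    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        // Set by the container after a realm login; null when unauthenticated.
        String login = request.getRemoteUser();
        if (login == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return null; // response already committed, Struts does nothing more
        }

        // The session survives redirect="true"; request attributes do not.
        HttpSession session = request.getSession();
        AppUser user = (AppUser) session.getAttribute(USER_KEY);
        // Rebuild when missing or when the cached object belongs to another login.
        if (user == null || !login.equals(user.getLogin())) {
            user = new AppUser(login);
            session.setAttribute(USER_KEY, user);
        }

        // AppUser is for application data only. Authorization stays with the
        // container: role="user" on the mapping, or request.isUserInRole("user").
        return mapping.findForward("success");
    }
}

// Application-level user object, kept serializable so the session can persist.
class AppUser implements java.io.Serializable {
    private final String login;

    AppUser(String login) {
        this.login = login;
    }

    String getLogin() {
        return login;
    }
}
```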


RES: Struts and Tomcat JDBC Realms

2003-10-10 Thread Michel Bertrand
Hi !

Thanks for your answer. Now I understood what's happening (I hope so) ...

I have a "multipart/form-data" and it has in its action a forward to
a common text form, like:



I believe when it reaches the redirect="true", Struts clears the
request attributes and loses my user. So I have the authentication
& authorization problem that you advised me about. Am I right?
I really need to have the parameter "redirect" because without
it I have the MultipartIterator error.

How could I work around this situation? Is it possible to maintain the
user after the redirect?

And what about setting the roles for my actions? I could simply
do:



Thanks in advance and regards ...
Michel.

-Original Message-
From: Adam Hardy [mailto:[EMAIL PROTECTED]
Sent: Friday, 10 October 2003 11:43
To: Struts Users Mailing List
Subject: Re: Struts and Tomcat JDBC Realms


On 10/10/2003 01:46 PM Michel Bertrand wrote:
> Hi all !
> 
> I was wondering about using Struts in Tomcat with JDBC Realms.
> 
> I found lots of topics about Struts and Realms but using policy files
> and I did not find any question or topic involving Struts and JDBC Realms.
> 
> Does Struts support the use of JDBC Realms in Tomcat? I don't intend
> to use it to protect my Actions, but to protect my "jsp" pages under
> some specific app directories.
> 
> I tried to implement this running Tomcat in Security Mode but I have
> some SecurityExceptions in some actions. Is it common? Could I
> solve it by setting privileges for struts.jar in my catalina.policy?
> 
> And so, has anybody implemented Struts + JDBC Realms + Tomcat?

Yes, many people do! Using a tomcat realm for authentication with 
standard security-constraints is not normally problematic.

Setting up struts to make use of realm authorization (for roles) is 
child's play (as long as your database contains the roles & links to the 
users). Just put the "role" attribute in the action mapping in the config.

Where & when are you getting these exceptions? Also, policy files don't 
need to come into it at all. Doing anything with privileges to 
struts.jar is something I've never heard of. I think you are coming to 
the subject with a mindset for a different type of authentication & 
authorization system - what you require from tomcat & struts is not too 
complex.

Adam

-- 
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9





Re: Struts and Tomcat JDBC Realms

2003-10-10 Thread Adam Hardy
On 10/10/2003 01:46 PM Michel Bertrand wrote:
> Hi all!
> 
> I was wondering about using Struts in Tomcat with JDBC Realms.
> 
> I found lots of topics about Struts and Realms but using policy files
> and I did not find any question or topic involving Struts and JDBC Realms.
> Does Struts support the use of JDBC Realms in Tomcat? I don't intend
> to use it to protect my Actions, but to protect my "jsp" pages under
> some specific app directories.
> I tried to implement this running Tomcat in Security Mode but I have
> some SecurityExceptions in some actions. Is it common? Could I
> solve it by setting privileges for struts.jar in my catalina.policy?
> 
> And so, has anybody implemented Struts + JDBC Realms + Tomcat?

Yes, many people do! Using a tomcat realm for authentication with 
standard security-constraints is not normally problematic.

Setting up struts to make use of realm authorization (for roles) is 
child's play (as long as your database contains the roles & links to the 
users). Just put the "role" attribute in the action mapping in the config.

Where & when are you getting these exceptions? Also, policy files don't 
need to come into it at all. Doing anything with privileges to 
struts.jar is something I've never heard of. I think you are coming to 
the subject with a mindset for a different type of authentication & 
authorization system - what you require from tomcat & struts is not too 
complex.

Adam

--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9


Struts and Tomcat JDBC Realms

2003-10-10 Thread Michel Bertrand
Hi all!

I was wondering about using Struts in Tomcat with JDBC Realms.

I found lots of topics about Struts and Realms but using policy files
and I did not find any question or topic involving Struts and JDBC Realms.

Does Struts support the use of JDBC Realms in Tomcat? I don't intend
to use it to protect my Actions, but to protect my "jsp" pages under
some specific app directories.

I tried to implement this running Tomcat in Security Mode but I have
some SecurityExceptions in some actions. Is it common? Could I
solve it by setting privileges for struts.jar in my catalina.policy?

And so, has anybody implemented Struts + JDBC Realms + Tomcat?

Thanks in advance,
Michel.


