Re: login problem
hi... I had to put role-names into my web.xml file to solve login problem. you mentioned in ur post.. i would like to know how it is possible and how come you are saying tat it will reduce the login problem.. if u dont mind reply me as soon as possible. Anet-2 wrote: > > Hi > I have a problem with "security-constraint" in tomcat 5.5. I use struts > 1.2. > when we used tomcat 4.1.29, there were no problem with pages needed login. > with tomcat 5.5.17, I had to put role-names into my web.xml file to solve > login problem. > But now I have another problem. > I have a form... needs login to be accessed. > the user logins successfully.the form is shown to him. > (in the code, saveToken() called ) > now he fills the form,but leaves his work,=>his session expired... > the user comes back.puts the submit button and redirects to login page. > he logins...and the process of submit should be done. > (in the code, isTokenValid(Request) called and returns false) > it is expected to continue the process... > I didn't have this problem while using tomcat 4.1 . > Would you mind help me for it? I have no idea... > thanks. > Anet. > > > > -- View this message in context: http://www.nabble.com/login-problem-tp17584175p20495105.html Sent from the Struts - User mailing list archive at Nabble.com.
Re: login problem
Hi; Thank you Laurie. It works if I take out the saveToken / isTokenValid stuff? The login process works correctly and it comes to my action class. But I won't be able to control duplicate submission. Anet. --- On Tue, 6/3/08, Laurie Harper <[EMAIL PROTECTED]> wrote: From: Laurie Harper <[EMAIL PROTECTED]> Subject: Re: login problem To: user@struts.apache.org Date: Tuesday, June 3, 2008, 12:16 PM Anet wrote: > Hi > I have a problem with "security-constraint" in tomcat 5.5. I use struts 1.2. > when we used tomcat 4.1.29, there were no problem with pages needed login. > with tomcat 5.5.17, I had to put role-names into my web.xml file to solve login problem. > But now I have another problem. > I have a form... needs login to be accessed. > the user logins successfully.the form is shown to him. > (in the code, saveToken() called ) > now he fills the form,but leaves his work,=>his session expired... > the user comes back.puts the submit button and redirects to login page. > he logins...and the process of submit should be done. > (in the code, isTokenValid(Request) called and returns false) > it is expected to continue the process... > I didn't have this problem while using tomcat 4.1 . > Would you mind help me for it? I have no idea... If I understand you correctly, you are using container managed security and seeing an inconsistency in behaviour between Tomcat 4.1.29 and 5.5.17. Struts is not involved in CMS processing in any way, so I would suspect a Tomcat and/or configuration problem. Does it work as you expect if you take out the saveToken / isTokenValid stuff? If that fixes the problem, there may be Struts-related issue here. Otherwise, you should probably pursue this on the Tomcat forums. L. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Login Problem
I guess that'd depend on the Tomcat version, but look at the documentation on session persistence and clustering. L. d d wrote: First of all thanks for replying... Actually i am authenticating user based on session attribute. i.e if user name is present in session. As u said told abt 'sessions being serialized' can i know more about this..or how can i avoid it?? Regards. dd On Fri, 19 Aug 2005 Laurie Harper wrote : d d wrote: I am working on a struts web application with oracle as back end.I use tomcat. I am using filter so that if user has not logged in he cannot access any of the pages.I have a problem for logging.. I login into my application..Use the application..Now if suddenly i close Tomcat Server.. and restart it ..and refresh my old page..it continues to work. This perticularly happens if there is a action in url.. e.g address bar has. "http/localhost:8080/web/app/ss.do" and the server is restarted, filter does not work..and page continues to flow. and if address bar contains "http/../ss.jsp" filter works and user is forced to login. I havent judged the exact problem yet .Can anyone help me? How are you performing authentication? If you're using HTTP Basic authentication, a restart of Tomcat wont clear the user's credentials from the browser so subsequent requests will continue to authenticate as you're seeing. Alternatively, if you're relying on data stored in the session to determine if the session has been authenticated, you may see this as a result of sessions being serialized to disk on Tomcat shutdown and reloaded on subsequent requests. In other words, without knowing more about your authentication scheme it's impossible to say if this behaviour is 'wrong' or not. Perhaps you could post the filter code you're using? L. -- Laurie Harper Open Source advocate, Java geek: http://www.holoweb.net/laurie Founder, Zotech Software: http://www.zotechsoftware.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Laurie Harper Open Source advocate, Java geek: http://www.holoweb.net/laurie Founder, Zotech Software: http://www.zotechsoftware.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: Login Problem
First of all thanks for replying... Actually i am authenticating user based on session attribute. i.e if user name is present in session. As u said told abt 'sessions being serialized' can i know more about this..or how can i avoid it?? Regards. dd On Fri, 19 Aug 2005 Laurie Harper wrote : >d d wrote: >> I am working on a struts web application with oracle as back end.I use >> tomcat. I am using filter so that if user has not logged in he cannot access >> any of the pages.I have a problem for logging.. >>I login into my application..Use the application..Now if suddenly i close >>Tomcat Server.. and restart it ..and refresh my old page..it continues to >>work. >>This perticularly happens if there is a action in url.. >>e.g address bar has. "http/localhost:8080/web/app/ss.do" and the server is >>restarted, filter does not work..and page continues to flow. >> and if address bar contains "http/../ss.jsp" filter works and user is >> forced to login. >> I havent judged the exact problem yet .Can anyone help me? > >How are you performing authentication? If you're using HTTP Basic >authentication, a restart of Tomcat wont clear the user's credentials from the >browser so subsequent requests will continue to authenticate as you're seeing. >Alternatively, if you're relying on data stored in the session to determine if >the session has been authenticated, you may see this as a result of sessions >being serialized to disk on Tomcat shutdown and reloaded on subsequent >requests. > >In other words, without knowing more about your authentication scheme it's >impossible to say if this behaviour is 'wrong' or not. Perhaps you could post >the filter code you're using? > >L. >-- Laurie Harper >Open Source advocate, Java geek: http://www.holoweb.net/laurie >Founder, Zotech Software: http://www.zotechsoftware.com/ > > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] >
Re: Login Problem
d d wrote: I am working on a struts web application with oracle as back end.I use tomcat. I am using filter so that if user has not logged in he cannot access any of the pages.I have a problem for logging.. I login into my application..Use the application..Now if suddenly i close Tomcat Server.. and restart it ..and refresh my old page..it continues to work. This perticularly happens if there is a action in url.. e.g address bar has. "http/localhost:8080/web/app/ss.do" and the server is restarted, filter does not work..and page continues to flow. and if address bar contains "http/../ss.jsp" filter works and user is forced to login. I havent judged the exact problem yet .Can anyone help me? How are you performing authentication? If you're using HTTP Basic authentication, a restart of Tomcat wont clear the user's credentials from the browser so subsequent requests will continue to authenticate as you're seeing. Alternatively, if you're relying on data stored in the session to determine if the session has been authenticated, you may see this as a result of sessions being serialized to disk on Tomcat shutdown and reloaded on subsequent requests. In other words, without knowing more about your authentication scheme it's impossible to say if this behaviour is 'wrong' or not. Perhaps you could post the filter code you're using? L. -- Laurie Harper Open Source advocate, Java geek: http://www.holoweb.net/laurie Founder, Zotech Software: http://www.zotechsoftware.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Login Problem
Take a look at O'Reilly's Struts Cookbook about this issue. d d wrote: I am working on a struts web application with oracle as back end.I use tomcat. I am using filter so that if user has not logged in he cannot access any of the pages.I have a problem for logging.. I login into my application..Use the application..Now if suddenly i close Tomcat Server.. and restart it ..and refresh my old page..it continues to work. This perticularly happens if there is a action in url.. e.g address bar has. "http/localhost:8080/web/app/ss.do" and the server is restarted, filter does not work..and page continues to flow. and if address bar contains "http/../ss.jsp" filter works and user is forced to login. I havent judged the exact problem yet .Can anyone help me? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Login Problem
I am working on a struts web application with oracle as back end.I use tomcat. I am using filter so that if user has not logged in he cannot access any of the pages.I have a problem for logging.. I login into my application..Use the application..Now if suddenly i close Tomcat Server.. and restart it ..and refresh my old page..it continues to work. This perticularly happens if there is a action in url.. e.g address bar has. "http/localhost:8080/web/app/ss.do" and the server is restarted, filter does not work..and page continues to flow. and if address bar contains "http/../ss.jsp" filter works and user is forced to login. I havent judged the exact problem yet .Can anyone help me?