Re: Security credentials are not propogated to Actionclass in Struts2
Hi balak31,
I've run into the exact same issue and I'm wondering if you were ever able
to find a work-around? It seems that it's impossible to get any user
credentials while in a filter... I've had no issues gathering the data in a
servlet.
Similar to your situation, I urgently need a resonse!
Any guidance would be greatly appreciated!
Thanks,
Matt
balak31 wrote:
Hi ,
I am newbie to Struts2. I have the following issue while configuring the
container managed security in Struts2 with Websphere Application Server
6.1. ..Need urgent assistance Please...
Issue:
I want to secure my web application using Container managed security by
using Websphere Application Server6.1. Secured all the URLs by placing a
security constraint and map the relevant users/groups in my web.xml.But
the security credentials are not propagated to the LoginAction class.when
i print the request.getRemoteUser() it gives null.Where as the same works
100% fine in TOMCAT server.
Entries in web.xml
--
filter
filter-namestruts/filter-name
filter-classorg.apache.struts2.dispatcher.FilterDispatcher/filter-class
/filter
filter-mapping
filter-namestruts/filter-name
url-pattern/*/url-pattern
/filter-mapping
security-constraint
display-name
secconst12/display-name
web-resource-collection
web-resource-namesecweb1234/web-resource-name
url-pattern*.action/url-pattern
url-pattern/*/url-pattern
url-pattern*/url-pattern
http-methodGET/http-method
http-methodPUT/http-method
http-methodHEAD/http-method
http-methodTRACE/http-method
http-methodPOST/http-method
http-methodDELETE/http-method
http-methodOPTIONS/http-method
/web-resource-collection
auth-constraint
description
secAuthConst12/description
role-namesecrole12/role-name
/auth-constraint
/security-constraint
login-config
auth-methodBASIC/auth-method
realm-nameDirRealm/realm-name
/login-config
security-role
role-namesecrole12/role-name
/security-role
Entries in struts.xml
-
struts
!-- Include webwork default (from the Struts JAR). --
include file=struts-default.xml/
package name=default extends=struts-default
action name=login class=com.xxx.xxx.action.LoginAction
result name=load success.jsp/result
/action
/package
/struts
LoginAction.java
public class LoginAction
{
...
...
...
public String execute()
{
HttpServletRequest request = ServletActionContext.getRequest();
System.out.println(req.getRemoteUser() : +
request.getRemoteUser());
// Prints null
System.out.println(username : +
request.getParameter(userName));
return load;
}
}
Below are the approaches what i've tried so far:
---
Approach 1:
Converted the Same application to Struts1.2 and deployed it in Websphere
Application Server 6.1
Output:
It works fine.Can able to get the remoteUser using request.getRemoteUser()
Approach 2:
Deployed the same struts2 application in ApacheTomcat 6.0.14
Output:
It works fine.Can able to get the remoteUser using request.getRemoteUser()
Approach 3:
Deployed the same struts2 application in Websphere Application Server 6.1
Output:
Not able to get the remoteUser in LoginAction.It prints null.
Am i missing anything fundamentally.Please let us know what would be
required to be done to make it work.
--
View this message in context:
http://www.nabble.com/Security-credentials-are-not-propogated-to-Actionclass-in-Struts2-tp12234106p15882514.html
Sent from the Struts - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Security credentials are not propogated to Actionclass in Struts2
Did u try
*request.getUserPrincipal().getName();*
On 8/20/07, balak31 [EMAIL PROTECTED] wrote:
Hi ,
I am newbie to Struts2. I have the following issue while configuring the
container managed security in Struts2 with Websphere Application Server
6.1.
..Need urgent assistance Please...
Issue:
I want to secure my web application using Container managed security by
using Websphere Application Server6.1. Secured all the URLs by placing a
security constraint and map the relevant users/groups in my web.xml.Butthe
security credentials are not propagated to the LoginAction class.when i
print the request.getRemoteUser() it gives null.Where as the same works
100%
fine in TOMCAT server.
Entries in web.xml
--
filter
filter-namestruts/filter-name
filter-classorg.apache.struts2.dispatcher.FilterDispatcher
/filter-class
/filter
filter-mapping
filter-namestruts/filter-name
url-pattern/*/url-pattern
/filter-mapping
security-constraint
display-name
secconst12/display-name
web-resource-collection
web-resource-namesecweb1234/web-resource-name
url-pattern*.action/url-pattern
url-pattern/*/url-pattern
url-pattern*/url-pattern
http-methodGET/http-method
http-methodPUT/http-method
http-methodHEAD/http-method
http-methodTRACE/http-method
http-methodPOST/http-method
http-methodDELETE/http-method
http-methodOPTIONS/http-method
/web-resource-collection
auth-constraint
description
secAuthConst12/description
role-namesecrole12/role-name
/auth-constraint
/security-constraint
login-config
auth-methodBASIC/auth-method
realm-nameDirRealm/realm-name
/login-config
security-role
role-namesecrole12/role-name
/security-role
Entries in struts.xml
-
struts
!-- Include webwork default (from the Struts JAR). --
include file=struts-default.xml/
package name=default extends=struts-default
action name=login class=com.xxx.xxx.action.LoginAction
result name=load success.jsp/result
/action
/package
/struts
LoginAction.java
public class LoginAction
{
...
...
...
public String execute()
{
HttpServletRequest request =
ServletActionContext.getRequest();
System.out.println(req.getRemoteUser() : +
request.getRemoteUser()); //
Prints null
System.out.println(username : + request.getParameter
(userName));
return load;
}
}
Below are the approaches what i've tried so far:
---
Approach 1:
Converted the Same application to Struts1.2 and deployed it in Websphere
Application Server 6.1
Output:
It works fine.Can able to get the remoteUser using request.getRemoteUser()
Approach 2:
Deployed the same struts2 application in ApacheTomcat 6.0.14
Output:
It works fine.Can able to get the remoteUser using request.getRemoteUser()
Approach 3:
Deployed the same struts2 application in Websphere Application Server 6.1
Output:
Not able to get the remoteUser in LoginAction.It prints null.
Am i missing anything fundamentally.Please let us know what would be
required to be done to make it work.
--
View this message in context:
http://www.nabble.com/Security-credentials-are-not-propogated-to-Actionclass-in-Struts2-tf4298249.html#a12234106
Sent from the Struts - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
--Yoge
91-9840425388
