On Mon, 11 Mar 2002, Mark Glass wrote:
> I'm developing a web application in Struts that requires a user to
> have a session before they can use the application. Currently anyone
> can bypass the logon and use the application. I would like the user to
> be required to login first. I am saving the user info to session when
> the user logs in and testing the session for this attribute before
> allowing them to use the functionality, however this does not work.

I'm using the servlet runner security for my stuff. It's a bit different
for Resin compared to Tomcat, but this is how to do it.

In your web.xml file, put something like this:

  <login-config auth-method='form'>
    <form-login-config
      form-login-page='/index.jsp'
      form-error-page='/index.jsp' />
    <authenticator id='com.mycompany.Authenticator' />
  </login-config>

  <security-constraint>
    <web-resource-collection>
      <url-pattern>/main/*</url-pattern>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint role-name='user'/>
  </security-constraint>

Whenever you access a url that starts with main or admin, the servlet
container will make you authenticate. It's built in, so I would rather use
that than try to make my own. You can put links to things inside the
secured area and the login forms appear whenever they are needed. 

The file that contains the login form can also have a field called j_uri
to point you to a specific page after login, like a home section.

<form method="post" action="j_security_check" >
<input type="hidden" name="j_uri" value="/main/index.do" />
Username <input type="text" name="j_username" value="user">
<br>
Password <input type="password" name="j_password" value="pass">
<br>
<input type="submit" name="submit" value="Login">
</form>



-- 
Dave Weis             "I believe there are more instances of the abridgement
[EMAIL PROTECTED]   of the freedom of the people by gradual and silent
                      encroachments of those in power than by violent 
                      and sudden usurpations."- James Madison
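
For comparison with the Resin shorthand in the message above, the same constraint in the standard Servlet 2.3 element form that Tomcat reads. This is an added example, not part of the original message. The web-resource-name text and the user-data-constraint block are assumptions added here, and the user store is configured in the container (a Realm in Tomcat) rather than with an authenticator element in web.xml.

```xml
<!-- Added example: portable Servlet 2.3 web.xml fragment.
     Element order matters under the 2.3 DTD:
     security-constraint, then login-config, then security-role. -->

<security-constraint>
  <web-resource-collection>
    <!-- Required by the DTD; the name itself is arbitrary (assumed here). -->
    <web-resource-name>Protected area</web-resource-name>
    <url-pattern>/main/*</url-pattern>
    <url-pattern>/admin/*</url-pattern>
    <!-- No http-method elements on purpose: with none listed the
         constraint covers every HTTP method. Listing only GET and POST
         would leave the other methods unconstrained. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
  <!-- Addition not in the original message: make the container require
       SSL for these URLs. Note that the login form POST to
       j_security_check itself is only encrypted if the login page is
       also served over HTTPS. Remove this block if TLS is terminated
       elsewhere. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/index.jsp</form-login-page>
    <form-error-page>/index.jsp</form-error-page>
  </form-login-config>
</login-config>

<!-- Every role named in an auth-constraint is declared here. -->
<security-role>
  <role-name>user</role-name>
</security-role>
```

The j_uri field is a Resin extension; under the standard form login the container sends the user back to the protected URL that triggered the login.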

