Re: How to do authentication in different way for different action classes

Thu, 03 Apr 2003 17:23:09 -0800 

You should keep *.do for your servlet mapping.

Assuming you are using container-managed security, you can do something like
this for your security constraints:

   <security-constraint>
      <web-resource-collection>
         <web-resource-name>Secured Resources</web-resource-name>
         <url-pattern>*.do</url-pattern>
      </web-resource-collection>
      <auth-constraint>
         <role-name>strutsuser</role-name>
      </auth-constraint>
   </security-constraint>

   <security-constraint>
      <web-resource-collection>
         <web-resource-name>Public Resources</web-resource-name>
         <url-pattern>/welcome.do</url-pattern>
      </web-resource-collection>
   </security-constraint>

The servlet spec requires that "exact" patterns like /welcome.do should be
matched before "extension" patterns like *.do. So, requests for /welcome.do
will match the security constraint that doesn't have any role requirements,
rather than the one that does.

-Max

----- Original Message -----
From: "Rajendra Kadam" <[EMAIL PROTECTED]>
To: "Struts-User" <[EMAIL PROTECTED]>
Sent: Thursday, April 03, 2003 4:23 PM
Subject: How to do authentication in different way for different action
classes


> Hi,
>
> In our application,
>
> I don't want to do authentication to first action class ( welcome.do )
> But at the same time, I want to do authetication for all other action
> classes.
>
> Initally my web.xml was looking like this
>
>   <servlet>
>     <servlet-name>action</servlet-name>
>
> <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
>     ......
>   </servlet>
>
>   <servlet-mapping>
>    <servlet-name>action</servlet-name>
>    <url-pattern>*.do</url-pattern>
>   </servlet-mapping>
>
> But the disadvantage of doing this way, is that Authentication Dialog
> box comes up for welcome.do also. Which I don't want.
>
> Hence right now I'm putting all action classes for which authentication
> is required into url-pattern as shown below :
>
>   <servlet-mapping>
>    <servlet-name>action</servlet-name>
>    <url-pattern>/abc.do</url-pattern>
>    <url-pattern>/xya.do</url-pattern>
>    <url-pattern>/sdabc.do</url-pattern>
>           ......
>   </servlet-mapping>
>
> Since I had not mentioned, welcome.do in above place, it doesn't do
> authentication for it.
>
> Dis-advantage of doing this is everytime I added new Action class, I
> have to make the entry into this url-pattern.
>
> Is there any better way of doing this ?
>
> TIA,
> raju
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to