You should keep *.do for your servlet mapping. Assuming you are using container-managed security, you can do something like this for your security constraints:
<security-constraint> <web-resource-collection> <web-resource-name>Secured Resources</web-resource-name> <url-pattern>*.do</url-pattern> </web-resource-collection> <auth-constraint> <role-name>strutsuser</role-name> </auth-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>Public Resources</web-resource-name> <url-pattern>/welcome.do</url-pattern> </web-resource-collection> </security-constraint> The servlet spec requires that "exact" patterns like /welcome.do should be matched before "extension" patterns like *.do. So, requests for /welcome.do will match the security constraint that doesn't have any role requirements, rather than the one that does. -Max ----- Original Message ----- From: "Rajendra Kadam" <[EMAIL PROTECTED]> To: "Struts-User" <[EMAIL PROTECTED]> Sent: Thursday, April 03, 2003 4:23 PM Subject: How to do authentication in different way for different action classes > Hi, > > In our application, > > I don't want to do authentication to first action class ( welcome.do ) > But at the same time, I want to do authetication for all other action > classes. > > Initally my web.xml was looking like this > > <servlet> > <servlet-name>action</servlet-name> > > <servlet-class>org.apache.struts.action.ActionServlet</servlet-class> > ...... > </servlet> > > <servlet-mapping> > <servlet-name>action</servlet-name> > <url-pattern>*.do</url-pattern> > </servlet-mapping> > > But the disadvantage of doing this way, is that Authentication Dialog > box comes up for welcome.do also. Which I don't want. > > Hence right now I'm putting all action classes for which authentication > is required into url-pattern as shown below : > > <servlet-mapping> > <servlet-name>action</servlet-name> > <url-pattern>/abc.do</url-pattern> > <url-pattern>/xya.do</url-pattern> > <url-pattern>/sdabc.do</url-pattern> > ...... > </servlet-mapping> > > Since I had not mentioned, welcome.do in above place, it doesn't do > authentication for it. > > Dis-advantage of doing this is everytime I added new Action class, I > have to make the entry into this url-pattern. > > Is there any better way of doing this ? > > TIA, > raju > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]