On Thu, 17 Jul 2003, Adam Hardy wrote:
> Date: Thu, 17 Jul 2003 11:34:49 +0200 > From: Adam Hardy <[EMAIL PROTECTED]> > Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]> > To: Struts Users Mailing List <[EMAIL PROTECTED]> > Subject: login for half my action mappings, leaving other half unsecured > > In some of my action mappings I am providing XML output for anybody and > it shouldn't be protected by any web.xml security-constraint, but for > the rest, I need login security which I already have set up. > > What I have come up with after a slight false start is a plan to have > all my secured requests go to /secure/*.do > > This way I can map the *.do to the action servlet, and I can map the > security-constraint to the /secure/* > > The only doubt I have is that my action mappings in struts-config have a > path that looks like path="/secure/dostuff" which I am not used to since > I haven't used a pseudo-directory in my mapping path before. Is this OK, > or am I barking up the wrong tree again? > No, you're doing it right, as long as you continue to map the Struts controller servlet to the "*.do" pattern, and map your security constraints to the "/secure/*" pattern. The place where they overlap (action paths within the "/secure" area) are exactly the ones that will be protected by the constraint, while all other actions will continue to be accessible to anyone. > Thanks > Adam Craig --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]