if I remember correctly, it is not possible to use Action servlet mappings for the login and error pages in tomcat.
I do know for sure that it is recommended practice to keep those pages seperate programmatically and to view them as part of the container rather than part of your app. Check the archives for a few threads on that matter.
Adam
On 10/07/2003 12:44 AM Caroline Jen wrote:
I use the Tomcat. I configured the Tomcat JDBCRealm so that I can use programmic security testing, such as isUserInRole(), in my program.
Because Tomcat JDBCRealm is form based, I inserted the <login-config> and its sub-elements in my web.xml file (see below). As we know, the <form-login-page> and <form-error-page> are required.
My question is that the container-managed
authentication does not seem to be consistent with
what we usually do in struts; e.g. we state the
logical name and path for each .jsp page in the
struts-config.xml file.
What is the Struts convention in dealing with user authentication? Should we specify the paths for the logon page and error page in the struts.config.xml or we should use the <form-login-page> and <form-error-page> in the web.xml file?
======================================================
<security-constraint>
<web-resource-collection>
<web-resource-name>SalesInfo</web-resource-name>
<url-pattern>/SalesInfo/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name> </auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/authentication/login.html</form-login-page>
<form-error-page>/authentication/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role> <role-name>manager</role-name> </security-role>
__________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
