but I get the following error from tomcat:
HTTP Status 400 - User is not authorized to access action /login
My server.xml is like this (I followed the tomcat docs):
<Context path="/roles" reloadable="true" docBase="/home/kelly/eclipse/workspace/roles"
         workDir="/home/kelly/eclipse/workspace/roles/work/org/apache/jsp">
    <Logger className="org.apache.catalina.logger.SystemOutLogger" verbosity="4" timestamp="true"/>
    <!-- '&' must be written as &amp; inside an XML attribute value -->
    <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
           driverName="org.gjt.mm.mysql.Driver"
           connectionURL="jdbc:mysql://localhost/locadora?user=mysql&amp;password=mysql"
           userTable="users" userNameCol="username" userCredCol="password"
           userRoleTable="userRoles" roleNameCol="rolename"/>
</Context>
The database is created in mysql like this:
database name: locadora
table users: columns: username, password which values are user, user
table userRoles: columns: username, rolename which values are user, adm
My struts-config.xml is like this:
<!DOCTYPE struts-config PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 1.1//EN"
    "http://jakarta.apache.org/struts/dtds/struts-config_1_1.dtd">
<struts-config>
    <!-- Form Bean Definitions -->
    <form-beans>
        <form-bean name="loginForm" type="org.apache.struts.validator.DynaValidatorForm">
            <form-property name="txtLogin" type="java.lang.String"/>
            <form-property name="pwdSenha" type="java.lang.String"/>
            <form-property name="methodToCall" type="java.lang.String"/>
        </form-bean>
    </form-beans>
    <!-- Global forwards -->
    <global-forwards>
        <forward name="error" path="/error.jsp"/>
    </global-forwards>
    <!-- Action Mapping Definitions -->
    <action-mappings>
        <action path="/login"
                roles="adm"
                type="LoginAction"
                name="loginForm"
                scope="request"
                input="/index.jsp"
                validate="true">
            <forward name="continue" path="/principal.jsp"/>
            <forward name="erro" path="/index.jsp"/>
        </action>
    </action-mappings>
    <!-- message resources -->
    <message-resources parameter="resources.application"/>
    <!-- plugins -->
    <plug-in className="org.apache.struts.validator.ValidatorPlugIn">
        <set-property property="pathnames"
                      value="/WEB-INF/validator-rules.xml,/WEB-INF/validation.xml"/>
    </plug-in>
</struts-config>
Can anyone point out what I'm missing?
Mohan Radhakrishnan wrote:
You can use a vendor-specific API (JDBC/Realm) to map to user/role tables. You can also use the XML file (tomcat-users.xml) instead with hard-coded values. You don't have to extend RequestProcessor if you are using CMA.
If you want to do application-based security then you need to extend the RequestProcessor and override the processRoles() method.
You can read the tomcat JDBC/Realm doc. in the apache site. It is similar for other containers. http://kb.atlassian.com/content/tutorials/jollem/orion-security-primer/ is another good site explaining OC4J roles.
Mohan
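An added example, not code from this thread or from the Struts project: one way to do the application-based check described above, by subclassing RequestProcessor and overriding processRoles() with its Struts 1.1 signature. The stock method asks the container through request.isUserInRole() and answers with the 400 "User is not authorized to access action ..." error when no role matches; here the roles are read from a session attribute instead. The package, class name, session key and the choice of a 403 response are assumptions for illustration, as is a login action that stores the user's roles as a Set in the session.

```java
package example.security; // hypothetical package name
import java.io.IOException;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.RequestProcessor;

/**
 * Application-managed role check for Struts 1.1 (illustrative).
 * Assumption: after verifying credentials, the login action stores a
 * Set of role-name Strings in the session under ROLES_KEY.
 */
public class SessionRolesRequestProcessor extends RequestProcessor {
    /** Hypothetical session attribute holding the user's roles. */
    public static final String ROLES_KEY = "example.security.ROLES";

    protected boolean processRoles(HttpServletRequest request,
                                   HttpServletResponse response,
                                   ActionMapping mapping)
            throws IOException, ServletException {
        // Actions declared without roles="..." are open to everyone.
        String[] required = mapping.getRoleNames();
        if (required == null || required.length == 0) {
            return true;
        }

        // getSession(false): never create a session just to run the check.
        HttpSession session = request.getSession(false);
        Object held = (session == null) ? null : session.getAttribute(ROLES_KEY);

        // roles="a,b" means any one of the listed roles is sufficient.
        if (held instanceof Set) {
            for (int i = 0; i < required.length; i++) {
                if (((Set<?>) held).contains(required[i])) {
                    return true;
                }
            }
        }

        // Fail closed: no session, no role set, or no match. 403 is this
        // example's choice; returning false stops further processing.
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }
}
```

It is registered in struts-config.xml with <controller processorClass="example.security.SessionRolesRequestProcessor"/>, placed after <action-mappings> and before <message-resources>. With this processor the login action has to be reachable without a role, because no roles are held in the session until it has run.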
-----Original Message-----
From: Kelly Goedert [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 30, 2003 5:26 PM
To: Struts Users Mailing List
Subject: Re: RequestProcessor problem
Paul,
Thanks for your help, I've checked these links already and they didn't help me much. What I want is (following your example below): when the user has the role uploader assigned to him he may call this action uploadfile. Now: where do I define the relation user/role? Do I use a JDBC/Realm? If I want to check this relation in my application should I extend RequestProcessor? (I believe so). If I don't want to extend the RequestProcessor, and use it as it is, where do I maintain the user/role relationship?
Kelly.
Paul-J Woodward wrote:
My understanding is:
The request processor will check on action roles if they are defined in your struts-config.xml file e.g.:
<action path="/uploadfile" type="com.db.gci.ge.epg.actions.UploadFileAction" name="fileUploadForm"
        scope="request" validate="false" input="/uploadFile.jsp" roles="uploader">
</action>
If you want to do application-based security then you need to extend the RequestProcessor and override the processRoles() method.
I'm currently looking into application-based security, this is all I have found so far:
http://puneetdelhi.tripod.com/
http://www.junlu.com/msg/40353.html
If you need more help and no one else replies, I'll write what I have found in a few hours.
Paul
------------------------------------------------------------
Global Equity Derivatives Technology
Deutsche Bank
Office +44 (0)20 754 55458
Mobile +44 (0)7736 299483
Fax +44 (0)20 7547 2752
------------------------------------------------------------
Kelly Goedert <[EMAIL PROTECTED]xxera.com>
30/12/2003 11:22
Please respond to "Struts Users Mailing List"
To: Struts Users Mailing List <[EMAIL PROTECTED]>
cc:
Subject: RequestProcessor problem
Can anyone give me an example on how to use the RequestProcessor?
I want to use the RequestProcessor to check on action roles. Do I have
to subclass it? Or I can use it as it is?
To use roles do I have to configure anything in the container too? Or
just setting the roles parameter and using the RequestProcessor, will
allow me to check the roles that the user might have to access that
action?
Thanks
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.