I'm presuming you also have the following in your web.xml:
<security-role>
<description>Admin user allowed to invoke all methods</description>
<role-name>admin</role-name>
</security-role>
to define the security roles used?
If you change your action path to reflect the url pattern for the 'admin'
role secured resource, it should certainly work and should not require the
role attribute like this:
<action path="/HelpDesk/bruger/DB/home"
type="wilson.helpdesk.actions.menu.ToDbAction">
Vance
> -----Original Message-----
> From: news [mailto:[EMAIL PROTECTED] On Behalf Of marc
> Sent: Tuesday, 7 June 2005 8:03 PM
> To: user@struts.apache.org
> Subject: Re: How do I use JAAS(JbossSX) in Struts?
>
> Ok seems like it is not working well at all.
>
> Me login is logging me in ok. But it seems like neither me web.xml or my
> struts actions is looking in me roles.
>
> I have a admin user wdkmaol, that has the admin role. To test things I
> made this code in the login action:
> **************************************************
> Subject testsub = lc.getSubject();
> Set testset = testsub.getPrincipals();
>
> Iterator ite = testset.iterator();
>
> while (ite.hasNext()){
> System.out.println("CYKLE CYKLE:
> "+ite.next().toString());
> }
> ***************************************************
> This prints out:
> ***************************************************
> CYKLE CYKLE: wdkmaol
> CYKLE CYKLE: Roles(members:admin)
> ***************************************************
> So I should be in the right role.
>
>
> Then I put this in me web.xml:
> ***************************************************
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Secure Content</web-resource-name>
> <url-pattern>/HelpDesk/bruger/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>admin</role-name>
> </auth-constraint>
> <user-data-constraint>
> <transport-guarantee>NONE</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
> ***************************************************
> But there is no problem going to ****/HelpDesk/bruger/adduser, as the
> admin.
>
> Last but not least I didt this in some action's to test:
> ***************************************************
> <action path="/DB/home"
> type="wilson.helpdesk.actions.menu.ToDbAction"
> roles="admin">
> <forward name="home"
> path=".dbcontrol.welcome"
> redirect="false"/>
> </action>
>
> ***************************************************
>
> When I try to access this it comes back with:
> ***************************************************
> User is not authorized to access action /DB/home
> ***************************************************
> Even thow Im in the admin role.
>
>
> Im I missing something??
> I followed this howto, to get it work:
> http://www.javaworld.com/javaforums/showflat.php?Cat=2&Board=JavaSecurity&;
> Number=2500&page=0&view=collapsed&sb=5&o=&fpart=1
>
>
>
>
>
> Vance Karimi wrote:
> > I use xdoclet and since Struts 1.1 you can do something like this in
> your
> > Action class where you can specify the list of Roles that have access to
> > this action.
> >
> > /**
> > * @struts.action
> > * name="CustomerCreateForm"
> > * path="/operator/customers/customer/CustomerAddAction"
> > * input="/operator/customers/customer/CustomerCreatePage.jsp"
> > * scope="request"
> > * validate="true"
> > * roles = "Admin,Operator"
> > ...
> >
> > However I have settled for declarative security with JBossSX and define
> the
> > context relative URLs to protect with specified roles in my web.xml.
> But I
> > presume you are doing this anyway if using JBossSX.
> >
> >
> >
> >>-----Original Message-----
> >>From: news [mailto:[EMAIL PROTECTED] On Behalf Of marc
> >>Sent: Friday, 3 June 2005 10:03 PM
> >>To: user@struts.apache.org
> >>Subject: Re: How do I use JAAS(JbossSX) in Struts?
> >>
> >>Yeah looks cool and works with Velocity. I'm working on getting it to
> >>work in me project.
> >>
> >>But I still need to have access controls on me different action's.
> >>
> >>
> >>
> >>Vance Karimi wrote:
> >>
> >>>Have a look at the Struts Menu plugin
> >>>http://struts-menu.sourceforge.net/
> >>>
> >>>
> >>>
> >>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
