It does protect it! As your error message showed.
The struts protection centres around the container's security. Struts
calls request.getRoles() (or similar) to find out if you are in that role.
Since you do not have that URL in your web.xml constraints, the
container doesn't force you to log in. Therefore the container cannot
provide struts with any role info, since you are not authenticated.
Secondly, and I think this is your problem, the container may not give
any authentication information to any requests which are outside its
security constraints even if you have previously authenticated. However
I am not sure about that. I know the servlet spec treats SSL constraints
in this way. Try it and see.
Adam
On 08/06/05 13:26 marc wrote:
No /HelpDesk/bruger/* in web.xml should not protect /DB/home.
But roles="admin" in
<action path="/DB/home"
type="wilson.helpdesk.actions.menu.ToDbAction"
roles="admin">
when the user has the admin role,
should protect it. Should't ??
Marc
Adam Hardy wrote:
I don't know! It's not clear what you want.
Let me turn the question round: in your web.xml why do you think that
protecting /HelpDesk/bruger/* should also protect /DB/home?
Adam
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]