It does protect it! As your error message showed.

The Struts protection centres around the container's security. Struts calls request.getRoles() (or similar) to find out if you are in that role.

Since you do not have that URL in your web.xml constraints, the container doesn't force you to log in. Therefore the container cannot provide Struts with any role info, since you are not authenticated.

Secondly, and I think this is your problem, the container may not give any authentication information to any requests which are outside its security constraints, even if you have previously authenticated. However, I am not sure about that. I know the servlet spec treats SSL constraints in this way. Try it and see.

Adam

On 08/06/05 13:26 marc wrote:
No, /HelpDesk/bruger/* in web.xml should not protect /DB/home.

But roles="admin" in
    <action path="/DB/home"
            type="wilson.helpdesk.actions.menu.ToDbAction"
            roles="admin">
when the user has the admin role,
should protect it. Shouldn't it?


Marc

Adam Hardy wrote:

I don't know! It's not clear what you want.

Let me turn the question round: in your web.xml why do you think that protecting /HelpDesk/bruger/* should also protect /DB/home?


Adam



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
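
Added example, not part of the original thread: one way to make the container authenticate requests for the action discussed above, so that role information exists when Struts evaluates roles="admin". The /DB/* URL pattern and the resource name are assumptions; the pattern must match the URL the ActionServlet is actually reached under.

```xml
<!-- web.xml fragment (constructed example, not the poster's file).
     The existing constraint on /HelpDesk/bruger/* and the existing
     <login-config> stay as they are; this adds a second constraint. -->

<security-constraint>
  <web-resource-collection>
    <!-- Name is a label only (hypothetical). -->
    <web-resource-name>DB actions</web-resource-name>
    <!-- Assumed pattern: covers /DB/home and, with an extension
         mapping such as *.do, /DB/home.do as well. -->
    <url-pattern>/DB/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- The container now forces a login for these URLs and
         rejects authenticated users who lack this role. -->
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<!-- Every role named in an auth-constraint should be declared. -->
<security-role>
  <role-name>admin</role-name>
</security-role>

<!-- struts-config.xml: the action from the thread, unchanged apart
     from being closed. With the constraint above in place the
     roles attribute acts as a second check behind the container's. -->
<action path="/DB/home"
        type="wilson.helpdesk.actions.menu.ToDbAction"
        roles="admin"/>
```

With only the roles attribute and no matching constraint, an unauthenticated request is refused by Struts, as the error message in the thread showed, but the user is never prompted to log in.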



