Are you able to Access a URL that goes to an action directly? I myself have Websphere 6.1.0.21 for my RAD 7.5 and I am not able to do so. Hmmmmm...........I am going to try this on our AIX test servers to double check.
--- On Tue, 3/17/09, pblatner <pblat...@gmail.com> wrote: > From: pblatner <pblat...@gmail.com> > Subject: Re: Struts 2 Container Security problem > To: user@struts.apache.org > Received: Tuesday, March 17, 2009, 9:20 PM > > I installed the latest fix pack for WebSphere, bringing my > version up to > 6.1.0.21 and it did the trick. The Web container > authentication now works > as I expected it to. > > Thanks for the feedback. > Pete. > > > pblatner wrote: > > > > I don't see how this fix applies to the problem I > mentioned below: > > http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg1PK31377 > > > > The text there doesn't say anything about resolving an > issue where > > WebSphere doesn't seem to be recognizing servlet > filters as resources to > > secure using web container authentication. > > > > > > Musachy Barroso wrote: > >> > >> Just as a reference, there is a ticket open for > this: > >> > >> https://issues.apache.org/struts/browse/WW-2642 > >> > >> musachy > >> > >> On Mon, Mar 16, 2009 at 5:37 PM, Struts Two <struts...@yahoo.ca> > wrote: > >>> > >>> There is a problem running Struts 2.1.6 on > Websphere when security is > >>> enabled. The case happens when url is an > action not a resource like jsp > >>> or html. Refer to JIRA WW-2642 that I opened > almost a year ago. > >>> > >>> I was hoping that Apache group can get their > hands on Websphere to > >>> verify the issue but it seems like a distant > probability as I have not > >>> heard any news on that for sometime. > >>> > >>> But on the bright site, there may be some good > news on this soon. As I > >>> had to locate WAS L3 support in person and I > am working with them on > >>> this issue [though the pace is slow]. > >>> > >>> Also keep in mind, the same issue exists on > WAS 7.0.0.1 with a slight > >>> variation. If this is determined to be a > Websphere problem with WAS 6.1. > >>> Then I have a stronger case to press issue for > WAS 7.0. > >>> > >>> --- On Mon, 3/16/09, pblatner <pblat...@gmail.com> > wrote: > >>> > >>>> From: pblatner <pblat...@gmail.com> > >>>> Subject: Re: Struts 2 Container Security > problem > >>>> To: user@struts.apache.org > >>>> Received: Monday, March 16, 2009, 9:05 PM > >>>> > >>>> I have tried to do the exact thing that > Jeromy suggests > >>>> below with 2 > >>>> packages. And then in the web.xml > specify a security > >>>> constraint with the > >>>> URL pattern "/protected/*". After doing > so, I am not > >>>> getting the result > >>>> that I think I should be. > >>>> > >>>> When issuing a request for my action at > >>>> "http://localhost/MyApp/protected/HomeAction";, the > >>>> container is not > >>>> intercepting and challenging me with my > logon.html page. > >>>> > >>>> Anyone know why this isn't working? > >>>> > >>>> The struts 2 servlet-filter pattern is > "/*".. It seems > >>>> pretty obvious that > >>>> the struts 2 servlet filter is responding > to the first part > >>>> of the URL: > >>>> "http://localhost/MyApp/*"; and the > container isn't > >>>> seeing that as a secured > >>>> resource. > >>>> > >>>> Am I missing a configuration pattern > somewhere that tells > >>>> the container to > >>>> inspect the full URL before allowing the > servlet filter to > >>>> process it? > >>>> > >>>> My deployment environment is WebSphere > 6.1. Are there > >>>> any incompatibilities > >>>> between WebSphere 6.1 and struts 2 that > could be causing > >>>> this? > >>>> > >>>> Thanks, > >>>> Pete. > >>>> > >>>> > >>>> Jeromy Evans - Blue Sky Minds wrote: > >>>> > > >>>> > In struts.xml, the namespace given to > your package > >>>> needs be in > >>>> > /protected as well. > >>>> > eg. <package name="myPackage" > >>>> namespace="/protected"> > >>>> > Otherwise, as you've seen, it's > available in the root > >>>> of the > >>>> > application's context path. > >>>> > > >>>> > I usually split my struts2 > application into at least > >>>> two packages: > >>>> > <package name="public" > namespace="/"> ... > >>>> > <package name="secure" > namespace="/protected"> > >>>> > > >>>> > >>>> -- > >>>> View this message in context: > >>>> http://www.nabble.com/Struts-2-Container-Security-problem-tp15571409p22547426.html > >>>> Sent from the Struts - User mailing list > archive at > >>>> Nabble.com. > >>>> > >>>> > >>>> > --------------------------------------------------------------------- > >>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > >>>> For additional commands, e-mail: user-h...@struts.apache.org > >>>> > >>>> > >>> > >>> > >>> > __________________________________________________________________ > >>> Instant Messaging, free SMS, sharing photos > and more... Try the new > >>> Yahoo! Canada Messenger at http://ca.beta.messenger.yahoo.com/ > >>> > >>> > >>> > --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > >>> For additional commands, e-mail: user-h...@struts.apache.org > >>> > >>> > >> > >> > >> > >> -- > >> "Hey you! Would you help me to carry the stone?" > Pink Floyd > >> > >> > --------------------------------------------------------------------- > >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > >> For additional commands, e-mail: user-h...@struts.apache.org > >> > >> > >> > > > > > > -- > View this message in context: > http://www.nabble.com/Struts-2-Container-Security-problem-tp15571409p22568026.html > Sent from the Struts - User mailing list archive at > Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > __________________________________________________________________ Yahoo! Canada Toolbar: Search from anywhere on the web, and bookmark your favourite sites. Download it now at http://ca..toolbar.yahoo.com. --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
