On 8/11/07, BruceLee <[EMAIL PROTECTED]> wrote: > > Thank Matt. I use 1.9.4 + WebWork. Is struts.xml still used?
No. It's xwork.xml for WebWork. > Now I don't use /mystuff.jsp instead of /user/mystuff.jsp. Even I comment > out lines below in web.xml > <!-- XX > <filter-mapping> > <filter-name>securityFilter</filter-name> > <url-pattern>*.jsp</url-pattern> > </filter-mapping> --> > > I still cannot bypass login for this form. One thing is the action method > uses UserAction and UserManager classes. Is some security checking for them? Yes, UserManager's methods are protected for admin users only. Matt > -Bruce > > > mraible wrote: > > > > I think I know why it's hitting UserAction if your path is > > /user/action. You need to set SlashesInActionNames to true. Add the > > following at the top of struts.xml: > > > > <constant name="struts.enable.SlashesInActionNames" value="true" /> > > > > Matt > > > > On 8/10/07, Matt Raible <[EMAIL PROTECTED]> wrote: > >> When you say "it's not working", what do you mean? Do you mean you > >> want to bypass the login form for this form? If so, it's really all > >> about getting the URLs correct in security.xml. To prove it, remove > >> the filter-mapping for securityFilter in web.xml. > >> > >> Matt > >> > >> On 8/10/07, BruceLee <[EMAIL PROTECTED]> wrote: > >> > > >> > Thanks Matt for advice. However it appears still not work for me. > >> > As I click Submit on form, I get tomcat log as below. Are any more > >> clues? > >> > > >> > [cmnweb] DEBUG [http-8080-Processor25] > >> > InstantiatingNullHandler.nullPropertyValue(72) | Entering > >> nullPropertyValue > >> > [EMAIL PROTECTED], > >> property=org] > >> > [cmnweb] DEBUG [http-8080-Processor25] JspServlet.service(248) | > >> JspEngine > >> > --> /login.jsp > >> > [cmnweb] DEBUG [http-8080-Processor25] JspServlet.service(249) | > >> > ServletPath: /login.jsp > >> > [cmnweb] DEBUG [http-8080-Processor25] JspServlet.service(250) | > >> > PathInfo: null > >> > [cmnweb] DEBUG [http-8080-Processor25] JspServlet.service(251) | > >> > RealPath: > >> /local/sw/tomcat/apache-tomcat-5.5.23/webapps/cmnweb/login.jsp > >> > [cmnweb] DEBUG [http-8080-Processor25] JspServlet.service(252) | > >> > RequestURI: /cmnweb/login.jsp > >> > [cmnweb] DEBUG [http-8080-Processor25] JspServlet.service(253) | > >> > QueryString: null > >> > [cmnweb] DEBUG [http-8080-Processor25] JspServlet.service(254) | > >> > Request Params: > >> > [cmnweb] DEBUG [http-8080-Processor25] > >> > InstantiatingNullHandler.nullPropertyValue(72) | Entering > >> nullPropertyValue > >> > [EMAIL PROTECTED], > >> > property=appConfig] > >> > [cmnweb] DEBUG [http-8080-Processor25] > >> ApplicationDispatcher.<init>(185) | > >> > servletPath=/WEB-INF/pages/loginForm.jsp, pathInfo=null, > >> queryString=null, > >> > name=null > >> > [cmnweb] DEBUG [http-8080-Processor25] > >> ApplicationDispatcher.doInclude(565) > >> > | Path Based Include > >> > [cmnweb] DEBUG [http-8080-Processor25] > >> > InstantiatingNullHandler.nullPropertyValue(72) | Entering > >> nullPropertyValue > >> > [EMAIL PROTECTED], > >> property=org] > >> > [cmnweb] DEBUG [http-8080-Processor25] JspServlet.service(248) | > >> JspEngine > >> > --> /WEB-INF/pages/loginForm.jsp > >> > ... > >> > > >> > > >> > mraible wrote: > >> > > > >> > > Moving your *.jsp mappings to above **/*.html should fix your > >> problem. > >> > > > >> > > Matt > >> > > > >> > > On 8/10/07, BruceLee <[EMAIL PROTECTED]> wrote: > >> > >> > >> > >> Matt, you are right. It doesn't like /user/*. > >> > >> However, it still asks me to sign in after I submit the form even I > >> set > >> > >> it > >> > >> ROLE_ANONYMOUS in security.xml as below > >> > >> /**/*.html*=admin,user > >> > >> /myform.jsp*=ROLE_ANONYMOUS,admin,user > >> > >> /myform2.html*=ROLE_ANONYMOUS,admin,user > >> > >> > >> > >> Beside, does /myform2.html map to /pages/myform2.jsp (or > >> myform2.action > >> > >> if > >> > >> no .jsp)? When I try /myform2.html, it jumps to login.jsp. But in > >> appfuse > >> > >> sample, /signup.html seems working well to map to /pages/signup.jsp. > >> > >> So besides the xwork.xml Mike mentioned, is any other config file to > >> > >> control > >> > >> this mapping? > >> > >> Thanks a lot, -Bruce > >> > >> > >> > >> > >> > >> > >> > >> mraible wrote: > >> > >> > > >> > >> > Do you have an Action for register.jsp? It looks like it's getting > >> > >> > confused and links that /user/* maps to UserAction. > >> > >> > > >> > >> > Matt > >> > >> > > >> > >> > On 8/10/07, BruceLee <[EMAIL PROTECTED]> wrote: > >> > >> >> > >> > >> >> Team, > >> > >> >> > >> > >> >> I tried to add a new page web/user/register.jsp to my project > >> based on > >> > >> >> appfuse 1.9.4. > >> > >> >> > >> > >> >> When I submit a form on localhost:8080/myprj/user/register.jsp, > >> it > >> > >> >> redirect > >> > >> >> to login.jsp. > >> > >> >> > >> > >> >> If I login with an active user first, then I get error > >> > >> >> org.acegisecurity.userdetails.UsernameNotFoundException: user > >> > >> >> 'userRegister' > >> > >> >> not found... > >> > >> >> ... > >> > >> >> at com.cmn.webapp.action.UserAction.edit(UserAction.java:115) > >> > >> >> > >> > >> >> But my jsp page never directly calls this edit() method. I wonder > >> if > >> > >> some > >> > >> >> security or inceptor setup not good? > >> > >> >> Basically I don't want any security feature by now. I just want > >> to > >> > >> submit > >> > >> >> a > >> > >> >> form and save the data to table User. > >> > >> >> > >> > >> >> my xwork.xml > >> > >> >> <action name="userRegister" class="userAction" > >> > >> method="create"> > >> > >> >> <result > >> > >> name="success">/WEB-INF/pages/user/main.jsp</result> > >> > >> >> <result name="error" > >> > >> >> type="redirect">/user/register.jsp</result> > >> > >> >> <result > >> > >> >> name="input">/WEB-INF/pages/user/register.jsp</result> > >> > >> >> </action> > >> > >> >> > >> > >> >> More > >> > >> http://www.nabble.com/file/p12085995/UsernameNotFoundException.txt > >> > >> >> UsernameNotFoundException.txt error log, see attached file > >> > >> >> Thanks! -Bruce > >> > >> >> > >> > >> >> -- > >> > >> >> View this message in context: > >> > >> >> > >> > >> > >> http://www.nabble.com/Cannot-add-new-.jsp-page-to-appfuse-1.9.4-tf4246912s2369.html#a12085995 > >> > >> >> Sent from the AppFuse - User mailing list archive at Nabble.com. > >> > >> >> > >> > >> >> > >> --------------------------------------------------------------------- > >> > >> >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> > >> >> For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> >> > >> > >> >> > >> > >> > > >> > >> > > >> > >> > -- > >> > >> > http://raibledesigns.com > >> > >> > > >> > >> > > >> --------------------------------------------------------------------- > >> > >> > To unsubscribe, e-mail: [EMAIL PROTECTED] > >> > >> > For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > > >> > >> > > >> > >> > > >> > >> > >> > >> -- > >> > >> > >> > >> View this message in context: > >> > >> > >> http://www.nabble.com/Cannot-add-new-.jsp-page-to-appfuse-1.9.4-tf4246912s2369.html#a12097846 > >> > >> > >> > >> Sent from the AppFuse - User mailing list archive at Nabble.com. > >> > >> > >> > >> > >> --------------------------------------------------------------------- > >> > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> > >> For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > >> > >> > >> > > > >> > > > >> > > -- > >> > > http://raibledesigns.com > >> > > > >> > > --------------------------------------------------------------------- > >> > > To unsubscribe, e-mail: [EMAIL PROTECTED] > >> > > For additional commands, e-mail: [EMAIL PROTECTED] > >> > > > >> > > > >> > > > >> > > >> > -- > >> > View this message in context: > >> http://www.nabble.com/Cannot-add-new-.jsp-page-to-appfuse-1.9.4-tf4246912s2369.html#a12098564 > >> > Sent from the AppFuse - User mailing list archive at Nabble.com. > >> > > >> > --------------------------------------------------------------------- > >> > To unsubscribe, e-mail: [EMAIL PROTECTED] > >> > For additional commands, e-mail: [EMAIL PROTECTED] > >> > > >> > > >> > >> > >> -- > >> http://raibledesigns.com > >> > > > > > > -- > > http://raibledesigns.com > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > -- > View this message in context: > http://www.nabble.com/Cannot-add-new-.jsp-page-to-appfuse-1.9.4-tf4246912s2369.html#a12108490 > Sent from the AppFuse - User mailing list archive at Nabble.com. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- http://raibledesigns.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
