Carsten Schiller wrote:
Hello!
We are trying to implement a login/security environment using Tomcat 5.5's
JAASRealm and Struts as a MVC-Framework.
After login, which fails with error "HTTP Status 403 - Access to the
requested resource has been denied", we can navigate manually to our
output.jsp and use
...
<%= request.getUserPrincipal() %> ,
...
<%= request.isUserInRole("administrator") %>
...
<logic:present role="administrator">
Admin present!
</logic:present>
These return the correct username, (true) for isUserInRole, and the logic tag
also works...
BUT
Our problem is: We protected *.do in our web.xml to be only accessible by
users in role "administrator", which fails as described above.
Why does the login fail, but we still get a valid Subject with Principals,
and can access the roles on the output.jsp?
We have been stuck for over a week now, reading tutorials, asking Google, but
with no success... Any ideas would be appreciated!

Hi,
I think resources that do not require authentication, like your
output.jsp, should return null from request.getUserPrincipal().
But what kind of JAAS login module do you have? Does that login module
work correctly?
- Jukka -