struts-user mailing list archives

From Adam Hardy <>
Subject Re: How do I use JAAS(JbossSX) in Struts?
Date Wed, 08 Jun 2005 15:14:36 GMT
It does protect it! As your error message showed.

The Struts protection centres around the container's security. Struts 
calls request.getRoles() (or similar) to find out if you are in that role.

Since you do not have that URL in your web.xml constraints, the 
container doesn't force you to log in. Therefore the container cannot 
provide Struts with any role info, since you are not authenticated.

Secondly, and I think this is your problem, the container may not give 
any authentication information to any requests which are outside its 
security constraints even if you have previously authenticated. However 
I am not sure about that. I know the servlet spec treats SSL constraints 
in this way. Try it and see.


On 08/06/05 13:26 marc wrote:
> No /HelpDesk/bruger/* in web.xml should not protect /DB/home.
> But roles="admin" in
>  <action path="/DB/home"
>                 type=""
>                 roles="admin">
> when the user has the admin role,
> should protect it. Shouldn't it??
> Marc
> Adam Hardy wrote:
>> I don't know! It's not clear what you want.
>> Let me turn the question round:  in your web.xml why do you think that 
>> protecting /HelpDesk/bruger/* should also protect /DB/home?
>> Adam

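As an added illustration of the first point in the reply above (not part of the original message, and not code from the Struts project): a web.xml fragment that places the action's URL inside a container security constraint, so the container authenticates the caller before Struts evaluates roles="admin". The /DB/ path and the admin role come from the thread; the *.do servlet mapping and the resource name are assumptions.

```xml
<!-- WEB-INF/web.xml fragment (added example; items marked "assumed"
     do not appear in the thread) -->

<!-- The existing constraint on /HelpDesk/bruger/* stays as it is. -->

<!-- Added constraint: brings the action URLs under /DB/ inside the
     container's security, so the container forces a login and can
     supply role information for <action path="/DB/home" roles="admin">. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>DB actions</web-resource-name> <!-- assumed label -->
    <!-- Assumes the ActionServlet is mapped to *.do, so the action is
         requested as /DB/home.do. With a prefix mapping such as /do/*,
         the pattern must include that prefix instead. -->
    <url-pattern>/DB/*</url-pattern>
    <!-- No <http-method> elements: the constraint then applies to every
         HTTP method. Listing only GET and POST would leave the other
         methods outside the constraint. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<!-- The application's existing <login-config> is reused unchanged. -->

<!-- Every role named in an auth-constraint must be declared. -->
<security-role>
  <role-name>admin</role-name>
</security-role>
```

With this constraint in place the container itself rejects callers who lack the admin role, and the roles attribute on the Struts action acts as a second check on the same identity.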