struts-user mailing list archives

From pblatner <pblat...@gmail.com>
Subject Re: Struts 2 Container Security problem
Date Tue, 17 Mar 2009 16:15:21 GMT

I don't see how this fix applies to the problem I mentioned below: 
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg1PK31377

The text there doesn't say anything about resolving an issue where WebSphere
doesn't seem to be recognizing servlet filters as resources to secure using
web container authentication.


Musachy Barroso wrote:
> 
> Just as a reference, there is a ticket open for this:
> 
> https://issues.apache.org/struts/browse/WW-2642
> 
> musachy
> 
> On Mon, Mar 16, 2009 at 5:37 PM, Struts Two <strutstwo@yahoo.ca> wrote:
>>
>> There is a problem running Struts 2.1.6 on WebSphere when security is
>> enabled. The case happens when the URL is an action, not a resource like a JSP
>> or HTML. Refer to JIRA WW-2642, which I opened almost a year ago.
>>
>> I was hoping that the Apache group could get their hands on WebSphere to verify
>> the issue, but it seems like a distant probability as I have not heard any
>> news on that for some time.
>>
>> But on the bright side, there may be some good news on this soon, as I
>> had to locate WAS L3 support in person and I am working with them on this
>> issue [though the pace is slow].
>>
>> Also keep in mind, the same issue exists on WAS 7.0.0.1 with a slight
>> variation. If this is determined to be a WebSphere problem with WAS 6.1,
>> then I have a stronger case to press the issue for WAS 7.0.
>>
>> --- On Mon, 3/16/09, pblatner <pblatner@gmail.com> wrote:
>>
>>> From: pblatner <pblatner@gmail.com>
>>> Subject: Re: Struts 2 Container Security problem
>>> To: user@struts.apache.org
>>> Received: Monday, March 16, 2009, 9:05 PM
>>>
>>> I have tried to do the exact thing that Jeromy suggests below with 2
>>> packages.  And then in the web.xml specify a security constraint with the
>>> URL pattern "/protected/*".  After doing so, I am not getting the result
>>> that I think I should be.
>>>
>>> When issuing a request for my action at
>>> "http://localhost/MyApp/protected/HomeAction", the container is not
>>> intercepting and challenging me with my logon.html page.
>>>
>>> Anyone know why this isn't working?
>>>
>>> The struts 2 servlet-filter pattern is "/*".  It seems pretty obvious that
>>> the struts 2 servlet filter is responding to the first part of the URL:
>>> "http://localhost/MyApp/*" and the container isn't seeing that as a secured
>>> resource.
>>>
>>> Am I missing a configuration pattern somewhere that tells the container to
>>> inspect the full URL before allowing the servlet filter to process it?
>>>
>>> My deployment environment is WebSphere 6.1.  Are there any incompatibilities
>>> between WebSphere 6.1 and struts 2 that could be causing this?
>>>
>>> Thanks,
>>> Pete.
>>>
>>>
>>> Jeromy Evans - Blue Sky Minds wrote:
>>> >
>>> > In struts.xml, the namespace given to your package needs to be in
>>> > /protected as well.
>>> > eg. <package name="myPackage" namespace="/protected">
>>> > Otherwise, as you've seen, it's available in the root of the
>>> > application's context path.
>>> >
>>> > I usually split my struts2 application into at least two packages:
>>> > <package name="public" namespace="/"> ...
>>> > <package name="secure" namespace="/protected">
>>> >
>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Struts-2-Container-Security-problem-tp15571409p22547426.html
>>> Sent from the Struts - User mailing list archive at
>>> Nabble.com.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>> For additional commands, e-mail: user-help@struts.apache.org
>>>
>>>
>>
>>
> 
> 
> 
> -- 
> "Hey you! Would you help me to carry the stone?" Pink Floyd
> 

-- 
View this message in context: http://www.nabble.com/Struts-2-Container-Security-problem-tp15571409p22562774.html
Sent from the Struts - User mailing list archive at Nabble.com.
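
Added example, not part of the original thread and not Struts or WebSphere code: a small checker that applies the Servlet specification's URL-pattern matching rules to a web.xml, to confirm which security constraint covers a request path before suspecting the container. The web.xml fragment, the role name `user` and the filter name `struts2` are constructed; `http-method` elements and the combining of several constraints on the same pattern are not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml fragment mirroring the thread: Struts 2 filter on /*,
# one constraint on /protected/*. Filter and role names are assumptions.
WEB_XML = """<web-app>
  <filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>protected actions</web-resource-name>
      <url-pattern>/protected/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def named(el, name):
    """Descendants with this local tag name, with or without an XML namespace."""
    return [e for e in el.iter() if e.tag.rsplit("}", 1)[-1] == name]

def rank(pattern, path):
    """Sort key if pattern matches path (higher wins), else None."""
    if pattern == path:
        return (3, 0)                        # exact match
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))          # longest path prefix wins
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)                        # extension match
    return (0, 0) if pattern == "/" else None  # default mapping

def required_roles(web_xml, request_uri, context_path=""):
    """Roles of the best-matching constraint, or None if the path is unprotected."""
    path = request_uri[len(context_path):].split("?")[0].split(";")[0]
    best, roles = None, None
    for sc in named(ET.fromstring(web_xml), "security-constraint"):
        for pat in named(sc, "url-pattern"):
            key = rank(pat.text.strip(), path)
            if key is not None and (best is None or key > best):  # ties keep first
                best, roles = key, [r.text.strip() for r in named(sc, "role-name")]
    return roles

if __name__ == "__main__":
    print(required_roles(WEB_XML, "/MyApp/protected/HomeAction", "/MyApp"))
    print(required_roles(WEB_XML, "/MyApp/HomeAction", "/MyApp"))
```

An action left in the root namespace (`/MyApp/HomeAction`) returns `None`, meaning no constraint in the descriptor covers it.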

