struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pblatner <pblat...@gmail.com>
Subject Re: Struts 2 Container Security problem
Date Tue, 17 Mar 2009 21:20:12 GMT

I installed the latest fix pack for WebSphere, bringing my version up to
6.1.0.21 and it did the trick.  The Web container authentication now works
as I expected it to.  

Thanks for the feedback.
Pete.


pblatner wrote:
> 
> I don't see how this fix applies to the problem I mentioned below: 
> http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg1PK31377
> 
> The text there doesn't say anything about resolving an issue where
> WebSphere doesn't seem to be recognizing servlet filters as resources to
> secure using web container authentication.
> 
> 
> Musachy Barroso wrote:
>> 
>> Just as a reference, there is a ticket open for this:
>> 
>> https://issues.apache.org/struts/browse/WW-2642
>> 
>> musachy
>> 
>> On Mon, Mar 16, 2009 at 5:37 PM, Struts Two <strutstwo@yahoo.ca> wrote:
>>>
>>> There is a problem running Struts 2.1.6 on Websphere when security is
>>> enabled. The case happens when url is an action not a resource like jsp
>>> or html. Refer to JIRA WW-2642 that I opened almost a year ago.
>>>
>>> I was hoping that Apache group can get their hands on Websphere to
>>> verify the issue but it seems like a distant probability as I have not
>>> heard any news on that for sometime.
>>>
>>> But on the bright site, there may be some good news on this soon. As I
>>> had to locate WAS L3 support in person and I am working with them on
>>> this issue [though the pace is slow].
>>>
>>> Also keep in mind, the same issue exists on WAS 7.0.0.1 with a slight
>>> variation. If this is determined to be a Websphere problem with WAS 6.1.
>>> Then I have a stronger case to press issue for WAS 7.0.
>>>
>>> --- On Mon, 3/16/09, pblatner <pblatner@gmail.com> wrote:
>>>
>>>> From: pblatner <pblatner@gmail.com>
>>>> Subject: Re: Struts 2 Container Security problem
>>>> To: user@struts.apache.org
>>>> Received: Monday, March 16, 2009, 9:05 PM
>>>>
>>>> I have tried to do the exact thing that Jeromy suggests
>>>> below with 2
>>>> packages.  And then in the web.xml specify a security
>>>> constraint with the
>>>> URL pattern "/protected/*".  After doing so, I am not
>>>> getting the result
>>>> that I think I should be.
>>>>
>>>> When issuing a request for my action at
>>>> "http://localhost/MyApp/protected/HomeAction", the
>>>> container is not
>>>> intercepting and challenging me with my logon.html page.
>>>>
>>>> Anyone know why this isn't working?
>>>>
>>>> The struts 2 servlet-filter pattern is "/*"..  It seems
>>>> pretty obvious that
>>>> the struts 2 servlet filter is responding to the first part
>>>> of the URL:
>>>> "http://localhost/MyApp/*" and the container isn't
>>>> seeing that as a secured
>>>> resource.
>>>>
>>>> Am I missing a configuration pattern somewhere that tells
>>>> the container to
>>>> inspect the full URL before allowing the servlet filter to
>>>> process it?
>>>>
>>>> My deployment environment is WebSphere 6.1.  Are there
>>>> any incompatibilities
>>>> between WebSphere 6.1 and struts 2 that could be causing
>>>> this?
>>>>
>>>> Thanks,
>>>> Pete.
>>>>
>>>>
>>>> Jeromy Evans - Blue Sky Minds wrote:
>>>> >
>>>> > In struts.xml, the namespace given to your package
>>>> needs be in
>>>> > /protected as well.
>>>> > eg. <package name="myPackage"
>>>> namespace="/protected">
>>>> > Otherwise, as you've seen, it's available in the root
>>>> of the
>>>> > application's context path.
>>>> >
>>>> > I usually split my struts2 application into at least
>>>> two packages:
>>>> > <package name="public" namespace="/"> ...
>>>> > <package name="secure" namespace="/protected">
>>>> >
>>>>
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/Struts-2-Container-Security-problem-tp15571409p22547426.html
>>>> Sent from the Struts - User mailing list archive at
>>>> Nabble.com.
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>>> For additional commands, e-mail: user-help@struts.apache.org
>>>>
>>>>
>>>
>>>
>>>      __________________________________________________________________
>>> Instant Messaging, free SMS, sharing photos and more... Try the new
>>> Yahoo! Canada Messenger at http://ca.beta.messenger.yahoo.com/
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>> For additional commands, e-mail: user-help@struts.apache.org
>>>
>>>
>> 
>> 
>> 
>> -- 
>> "Hey you! Would you help me to carry the stone?" Pink Floyd
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>> For additional commands, e-mail: user-help@struts.apache.org
>> 
>> 
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Struts-2-Container-Security-problem-tp15571409p22568026.html
Sent from the Struts - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message