struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Struts Two <struts...@yahoo.ca>
Subject Re: Struts 2 Container Security problem
Date Wed, 18 Mar 2009 00:06:51 GMT

Are you able to Access a URL that goes to an action directly? I myself have Websphere 6.1.0.21
for my RAD 7.5 and I am not able to do so. Hmmmmm...........I am going to try this on our
AIX test servers to double check. 

--- On Tue, 3/17/09, pblatner <pblatner@gmail.com> wrote:

> From: pblatner <pblatner@gmail.com>
> Subject: Re: Struts 2 Container Security problem
> To: user@struts.apache.org
> Received: Tuesday, March 17, 2009, 9:20 PM
> 
> I installed the latest fix pack for WebSphere, bringing my
> version up to
> 6.1.0.21 and it did the trick.  The Web container
> authentication now works
> as I expected it to.  
> 
> Thanks for the feedback.
> Pete.
> 
> 
> pblatner wrote:
> > 
> > I don't see how this fix applies to the problem I
> mentioned below: 
> > http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg1PK31377
> > 
> > The text there doesn't say anything about resolving an
> issue where
> > WebSphere doesn't seem to be recognizing servlet
> filters as resources to
> > secure using web container authentication.
> > 
> > 
> > Musachy Barroso wrote:
> >> 
> >> Just as a reference, there is a ticket open for
> this:
> >> 
> >> https://issues.apache.org/struts/browse/WW-2642
> >> 
> >> musachy
> >> 
> >> On Mon, Mar 16, 2009 at 5:37 PM, Struts Two <strutstwo@yahoo.ca>
> wrote:
> >>>
> >>> There is a problem running Struts 2.1.6 on
> Websphere when security is
> >>> enabled. The case happens when url is an
> action not a resource like jsp
> >>> or html. Refer to JIRA WW-2642 that I opened
> almost a year ago.
> >>>
> >>> I was hoping that Apache group can get their
> hands on Websphere to
> >>> verify the issue but it seems like a distant
> probability as I have not
> >>> heard any news on that for sometime.
> >>>
> >>> But on the bright site, there may be some good
> news on this soon. As I
> >>> had to locate WAS L3 support in person and I
> am working with them on
> >>> this issue [though the pace is slow].
> >>>
> >>> Also keep in mind, the same issue exists on
> WAS 7.0.0.1 with a slight
> >>> variation. If this is determined to be a
> Websphere problem with WAS 6.1.
> >>> Then I have a stronger case to press issue for
> WAS 7.0.
> >>>
> >>> --- On Mon, 3/16/09, pblatner <pblatner@gmail.com>
> wrote:
> >>>
> >>>> From: pblatner <pblatner@gmail.com>
> >>>> Subject: Re: Struts 2 Container Security
> problem
> >>>> To: user@struts.apache.org
> >>>> Received: Monday, March 16, 2009, 9:05 PM
> >>>>
> >>>> I have tried to do the exact thing that
> Jeromy suggests
> >>>> below with 2
> >>>> packages.  And then in the web.xml
> specify a security
> >>>> constraint with the
> >>>> URL pattern "/protected/*".  After doing
> so, I am not
> >>>> getting the result
> >>>> that I think I should be.
> >>>>
> >>>> When issuing a request for my action at
> >>>> "http://localhost/MyApp/protected/HomeAction", the
> >>>> container is not
> >>>> intercepting and challenging me with my
> logon.html page.
> >>>>
> >>>> Anyone know why this isn't working?
> >>>>
> >>>> The struts 2 servlet-filter pattern is
> "/*"..  It seems
> >>>> pretty obvious that
> >>>> the struts 2 servlet filter is responding
> to the first part
> >>>> of the URL:
> >>>> "http://localhost/MyApp/*" and the
> container isn't
> >>>> seeing that as a secured
> >>>> resource.
> >>>>
> >>>> Am I missing a configuration pattern
> somewhere that tells
> >>>> the container to
> >>>> inspect the full URL before allowing the
> servlet filter to
> >>>> process it?
> >>>>
> >>>> My deployment environment is WebSphere
> 6.1.  Are there
> >>>> any incompatibilities
> >>>> between WebSphere 6.1 and struts 2 that
> could be causing
> >>>> this?
> >>>>
> >>>> Thanks,
> >>>> Pete.
> >>>>
> >>>>
> >>>> Jeromy Evans - Blue Sky Minds wrote:
> >>>> >
> >>>> > In struts.xml, the namespace given to
> your package
> >>>> needs be in
> >>>> > /protected as well.
> >>>> > eg. <package name="myPackage"
> >>>> namespace="/protected">
> >>>> > Otherwise, as you've seen, it's
> available in the root
> >>>> of the
> >>>> > application's context path.
> >>>> >
> >>>> > I usually split my struts2
> application into at least
> >>>> two packages:
> >>>> > <package name="public"
> namespace="/"> ...
> >>>> > <package name="secure"
> namespace="/protected">
> >>>> >
> >>>>
> >>>> --
> >>>> View this message in context:
> >>>> http://www.nabble.com/Struts-2-Container-Security-problem-tp15571409p22547426.html
> >>>> Sent from the Struts - User mailing list
> archive at
> >>>> Nabble.com.
> >>>>
> >>>>
> >>>>
> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> >>>> For additional commands, e-mail: user-help@struts.apache.org
> >>>>
> >>>>
> >>>
> >>>
> >>>    
>  __________________________________________________________________
> >>> Instant Messaging, free SMS, sharing photos
> and more... Try the new
> >>> Yahoo! Canada Messenger at http://ca.beta.messenger.yahoo.com/
> >>>
> >>>
> >>>
> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> >>> For additional commands, e-mail: user-help@struts.apache.org
> >>>
> >>>
> >> 
> >> 
> >> 
> >> -- 
> >> "Hey you! Would you help me to carry the stone?"
> Pink Floyd
> >> 
> >>
> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> >> For additional commands, e-mail: user-help@struts.apache.org
> >> 
> >> 
> >> 
> > 
> > 
> 
> -- 
> View this message in context: http://www.nabble.com/Struts-2-Container-Security-problem-tp15571409p22568026.html
> Sent from the Struts - User mailing list archive at
> Nabble.com.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
> 


      __________________________________________________________________
Yahoo! Canada Toolbar: Search from anywhere on the web, and bookmark your favourite sites.
Download it now at
http://ca..toolbar.yahoo.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message