Struts1.1 & Roles



  1. Struts1.1 & Roles (4 messages)

    Hello Friends,

    I'm trying to implement role-based authentication using the struts1.1 roles attribute of the action tag, but am facing a strange problem. Below is my action tag...

        <forward name="success" path="/locale.jsp"/>

    When a request comes for /locale, I get a Bad Request page. It acts like I've not defined <action> for /locale.

    The moment I remove the roles att, everything works fine. I'm sure that I'm using struts1.1, so I don't think it's a problem of version.

    Jay Khimani

    Threaded Messages (4)

  2. Struts1.1 & Roles

    Have you mapped your logical roles in your WEB.XML and setup a suitable <security-constraint>?
  3. Struts1.1 & Roles


    No, I've not done any such mapping. In fact I'm not aware of such mapping.

    I'm using weblogic 8.1 sp3. I'm taking a shortcut, instead of trying and going through docs :)) It would be a great help if you could give me an example of defining logical roles in web.xml depending upon the <action> tag I mentioned in my previous post.
  4. Do my Best

    For all the roles stuff to work you'll need to define users and roles in your container. I use OC4J day to day so these are defined in a config file called jazn-data.xml - WebLogic will have something similar.
    Then in your web.xml you need the following bits:
    1) Tell the container what kind of authentication to use: BASIC, FORM, DIGEST (look these up)

    2) Define one or more roles that you'll be using (that you defined in your container config)

    3) Then define a security constraint which protects a set of URLs. When such a URL is entered the container will prompt for username and password. The username you use will determine the role as users are assigned to roles.

    That should give you enough to go on.
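
The three web.xml pieces listed in the reply above, written out as an added example that is not part of the original thread. The role name `admin`, the realm name and the `*.do` URL pattern are assumptions; the role must also exist in the container's own user and role configuration.

```xml
<!-- web.xml fragment. With the Servlet 2.3 DTD these elements must appear
     in this order: security-constraint, login-config, security-role. -->

<!-- Step 3: protect a set of URLs. The container authenticates the caller
     and rejects anyone who is not in one of the listed roles. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Struts actions</web-resource-name>
    <!-- Assumption: the Struts ActionServlet is mapped to *.do -->
    <url-pattern>*.do</url-pattern>
    <!-- No http-method elements on purpose: listing methods here would
         leave every unlisted method outside the constraint. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Assumed role name; must match a role declared below -->
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- BASIC sends credentials with every request, so require TLS -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Step 1: tell the container which authentication method to use -->
<login-config>
  <auth-method>BASIC</auth-method>
  <!-- Assumed realm name, shown in the browser's login prompt -->
  <realm-name>example-realm</realm-name>
</login-config>

<!-- Step 2: declare each logical role the application refers to -->
<security-role>
  <description>Users allowed to call the protected actions</description>
  <role-name>admin</role-name>
</security-role>
```

A Struts 1.1 `roles` attribute on an `<action>` is evaluated with `request.isUserInRole()`, so the role names used there have to be roles the authenticated user actually holds.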
  5. Struts1.1 & Roles

    Hey, this is solved. Actually there is no need to put all this in web.xml. Actually it was my misunderstanding regarding the Error 400 - Bad Request. My app was not handling the logged-in user properly, and so the action in which I defined the roles was not able to find the roles in the user principal and was throwing error 400 - bad request, denoting that the particular user is not in the roles assigned to the action, and was throwing him out.

    Anyway, thanks a lot for all your help.