Struts1.1 & Roles

  1. Struts1.1 & Roles (4 messages)

    Hello Friends,

    I'm trying to implement role-based authentication using the Struts 1.1 roles attribute of the action tag, but am facing a strange problem. Below is my action tag...

    <action
        path="/locale"
        type="com.some.package.action.LocaleAction"
        name="localeFormBean"
        scope="request"
        input="/locale.jsp"
        parameter="action"
        roles="user,admin">
        <forward name="success" path="/locale.jsp"/>
    </action>

    When a request comes for /locale, I get a Bad Request page. It acts like I've not defined <action> for /locale.

    The moment I remove the roles attribute, everything works fine. I'm sure that I'm using Struts 1.1, so I don't think it's a problem of version.

    Thanks,
    Jay Khimani

  2. Struts1.1 & Roles

    Have you mapped your logical roles in your web.xml and set up a suitable <security-constraint>?
  3. Struts1.1 & Roles

    Hi,

    No, I've not done any such mapping. In fact, I'm not aware of such mapping.

    I'm using WebLogic 8.1 SP3. I'm taking a shortcut, instead of trying and going through the docs :)) It would be a great help if you could give me an example of defining logical roles in web.xml depending upon the <action> tag I mentioned in my previous post.
  4. Do my Best

    For all the roles stuff to work you'll need to define users and roles in your container. I use OC4J day to day so these are defined in a config file called jazn-data.xml - WebLogic will have something similar.
    Then in your web.xml you need the following bits:
    1) Tell the container what kind of authentication to use: BASIC, FORM, DIGEST (look these up)

    <web-app>
    <login-config>
      <auth-method>BASIC</auth-method>
    </login-config>
    ...
    </web-app>
    2) Define one or more roles that you'll be using (that you defined in your container config)

    <web-app>
    ...
    <security-role>
      <role-name>administrator</role-name>
    </security-role>
    ...
    </web-app>
    3) Then define a security constraint which protects a set of URLs. When such a URL is entered the container will prompt for username and password. The username you use will determine the role as users are assigned to roles.
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>strutsApp</web-resource-name>
        <url-pattern>/mysStrutsApp/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>administrator</role-name>
      </auth-constraint>
    </security-constraint>

    That should give you enough to go on.
  5. Struts1.1 & Roles

    Hey, this is solved. Actually there is no need to put all this in web.xml. Actually it was my misunderstanding regarding the Error 400 - Bad Request. My app was not handling the logged-in user properly, and so the action in which I defined the roles was not able to find the roles in the user principal and was throwing error 400 - bad request, denoting that the particular user is not in the roles assigned to the action, and was throwing him out.

    Anyway, thanks a lot for all your help.

    -Jay
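
The role check behind the 400 described in the last post, as an added example that is not part of the original thread and is not Struts' own code: a RequestProcessor subclass that runs the same test the roles="user,admin" attribute triggers, but logs the denial and answers 403 so an authorization failure is not mistaken for a missing mapping. The class and package names are hypothetical, and it assumes the Struts 1.1 and Servlet API jars are on the classpath.

```java
package com.example.web; // hypothetical package, not from the thread

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.RequestProcessor;

/**
 * Hypothetical processor: same role test as the roles attribute,
 * with an audit log line and a 403 response on denial.
 */
public class RoleAuditRequestProcessor extends RequestProcessor {

    protected boolean processRoles(HttpServletRequest request,
                                   HttpServletResponse response,
                                   ActionMapping mapping)
            throws IOException, ServletException {

        // Parsed form of the comma-separated roles attribute.
        String[] roles = mapping.getRoleNames();
        if (roles == null || roles.length == 0) {
            return true; // no roles attribute: action is unrestricted
        }

        // isUserInRole() asks the container. It returns false for every
        // role when the request carries no container-authenticated user,
        // which is the situation the last post describes.
        for (int i = 0; i < roles.length; i++) {
            if (request.isUserInRole(roles[i])) {
                return true; // membership in any one listed role is enough
            }
        }

        // Record who was denied and what was required, then refuse.
        String user = request.getRemoteUser(); // null when not logged in
        servlet.getServletContext().log("Role check denied path="
                + mapping.getPath() + " user=" + user
                + " required=" + mapping.getRoles());
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }
}
```

To use it, register the class in struts-config.xml with <controller processorClass="com.example.web.RoleAuditRequestProcessor"/>. A log line showing user=null means the login never reached the container, so no role can match regardless of how the roles are named.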