Struts 2 security

Posted by Dewfy on Stack Overflow See other posts from Stack Overflow or by Dewfy
Published on 2010-04-07T16:39:40Z Indexed on 2010/04/07 16:43 UTC
Read the original article Hit count: 291

Filed under:

struts2

|

security

|

javaee

Does Struts 2 has complete solution for simple login task? I have simple declaration in struts.xml:

  <package namespace="/protected" name="manager" extends="struts-default" >

    <interceptors>
        <interceptor-stack name="secure">
            <interceptor-ref name="roles">
                <param name="allowedRoles">registered</param>
            </interceptor-ref>
        </interceptor-stack>
    </interceptors>
    <default-action-ref name="pindex"/>

    <action name="pindex" >
        <interceptor-ref name="completeStack"/>
        <interceptor-ref name="secure"/>
        <result>protected/index.html</result>
    </action>
</package>

Accessing to this resource shows only (Forbidden 403). So what should I do on the next step to:

Add login page (standart Tomcat declaration on web.xml with <login-config> not works) ?
Provide security round trip. Do I need write my own servlet or exists struts2 solutions?

Thanks in advance!

© Stack Overflow or respective owner

Related posts about struts2

Struts2 - How to use the Struts2 Annotations?

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm trying to implement the Struts 2 Annotations in my project, but I don't know how. I added the convention-plugin v 2.1.8.1 to my pom I modified the web.xml ... <init-param> <param-name>actionPackages</param-name> <param-value>org.apache.struts.helloworld.action</param-value> … >>> More
Struts2 + Sitemesh + Freemarker doesn't work

as seen on Stack Overflow - Search for 'Stack Overflow'
I've tried following every example i ccould find and i can't get struts2 + sitemesh + freemarker to work on a simple jsp. I have a very simple web.xml, a single action that just goes to index.jsp, and a simple .ftl decorator that just adds some text to the result. When i hit index.action, the page… >>> More
File upload and Download in a web app using struts2

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi In struts2 upload methods, can I choose where the uploaded file must be saved. I mean, all the examples in web ask me to store in WEB-INF which surely is not a good idea. I want to be able to store the uploaded file in any place in my disk. How should i do it? Can i do it with help of ServletContextAware… >>> More
Struts2 example, not inserting records in mysql database because connection object is getting null

as seen on Stack Overflow - Search for 'Stack Overflow'
This Code is working fine with simple application so the drivers are fine. so why the connection object is not able to initialise with drivers. import java.sql.Connection; import java.sql.DriverManager; import java.sql.SQLException; import java.sql.Statement; import com.opensymphony.xwork2.ActionSupport; public… >>> More
Testing injected dependencies into your struts2 actions

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I am wondering how others might have accomplished this. I found in the Spring documentation @required which I attempted to use in a 'test' but got this stmt INFO XmlConfigurationProvider:380 - Unable to verify action class [xxx] exists at initialization I have found another way in spring to… >>> More

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More