Struts 2 security

Posted by Dewfy on Stack Overflow See other posts from Stack Overflow or by Dewfy
Published on 2010-04-07T16:39:40Z Indexed on 2010/04/07 16:43 UTC
Read the original article Hit count: 242

Filed under:
|
|

Does Struts 2 has complete solution for simple login task? I have simple declaration in struts.xml:

  <package namespace="/protected" name="manager" extends="struts-default" >

    <interceptors>
        <interceptor-stack name="secure">
            <interceptor-ref name="roles">
                <param name="allowedRoles">registered</param>
            </interceptor-ref>
        </interceptor-stack>
    </interceptors>
    <default-action-ref name="pindex"/>

    <action name="pindex" >
        <interceptor-ref name="completeStack"/>
        <interceptor-ref name="secure"/>
        <result>protected/index.html</result>
    </action>
</package>

Accessing to this resource shows only (Forbidden 403). So what should I do on the next step to:

  1. Add login page (standart Tomcat declaration on web.xml with <login-config> not works) ?
  2. Provide security round trip. Do I need write my own servlet or exists struts2 solutions?

Thanks in advance!

© Stack Overflow or respective owner

Related posts about struts2

Related posts about security