[jboss-user] [Security & JAAS/JBoss] - Re: Users bookmarking login.jsp causes problems

ragavgomatam do-not-reply at jboss.com
Thu Aug 7 20:50:05 EDT 2008

We ran into a similar problem before & if I remember correct, secure the <url-pattern> in your web.xml properly. The url  that you put inside this tag is crucial. In our old struts based application our web.xml went like this :- 

  | 	<welcome-file>jsp/welcome.jsp</welcome-file>
  | </welcome-file-list>
  | <error-page>
  | <error-code>500</error-code>
  |    <location>/jsp/error.jsp</location>
  | </error-page>
  | <security-constraint>
  | <web-resource-collection>
  | <web-resource-name>SecurePages</webresource-name>
  | 	<description>
  | 		Security constraint testing using custom Jaas Module
  | 	</description>
  | 	<url-pattern>*.do</url-pattern>
  | 	<http-method>POST</http-method>
  | 	<http-method>GET</http-method>
  | </web-resource-collection>

So basically anything that goes to Struts Action Servlet is protected. Plus Users are not exposed to the jsp's directly. Even if they book-mark a page, they are redirected to welcome page

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169433#4169433

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4169433

More information about the jboss-user mailing list