[jboss-user] [Security & JAAS/JBoss] - Re: Users bookmarking login.jsp causes problems
ragavgomatam
do-not-reply at jboss.com
Thu Aug 7 20:50:05 EDT 2008
Hi
We ran into a similar problem before & if I remember correct, secure the <url-pattern> in your web.xml properly. The url that you put inside this tag is crucial. In our old struts based application our web.xml went like this :-
<welcome-file-list>
| <welcome-file>jsp/welcome.jsp</welcome-file>
| </welcome-file-list>
| <error-page>
| <error-code>500</error-code>
| <location>/jsp/error.jsp</location>
| </error-page>
| <security-constraint>
| <web-resource-collection>
| <web-resource-name>SecurePages</webresource-name>
| <description>
| Security constraint testing using custom Jaas Module
| </description>
| <url-pattern>*.do</url-pattern>
| <http-method>POST</http-method>
| <http-method>GET</http-method>
| </web-resource-collection>
So basically anything that goes to Struts Action Servlet is protected. Plus Users are not exposed to the jsp's directly. Even if they book-mark a page, they are redirected to welcome page
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169433#4169433
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4169433
More information about the jboss-user
mailing list