Announcement Announcement Module
Collapse
No announcement yet.
How to make Struts2 Action url secure ? Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to make Struts2 Action url secure ?

    Hi All,

    I am having personAction class(struts2 action) with name /remove . How can I make this url secure using spring security?

    struts.xml
    Code:
      <action name="remove" class="personAction" method="remove">
                <result>pages/list.jsp</result>
                <result name="input">pages/list.jsp</result>
      </action>
    
       <action name="save" class="personAction" method="save">
                <result>pages/list.jsp</result>
                <result name="input">pages/list.jsp</result>
      </action>
    I have tried including as below but secure login page doen't popup

    applicationContext-security.xml


    Code:
      <intercept-url pattern="/remove**" access="ROLE_SUPERVISOR"/>
            <intercept-url pattern="/save**" access="IS_AUTHENTICATED_REMEMBERED" />
    Thanks,
    Sarada.

  • #2
    Can you post your web.xml - are you sure you've configured Spring Security correctly there?

    Comment


    • #3
      Please find the below for web.xml

      Code:
      <?xml version="1.0" encoding="UTF-8"?>
      <!--
        - Tutorial web application
        -
        - $Id: web.xml 2995 2008-04-24 00:27:37Z luke_t $
        -->
      
      <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
      
          <display-name>Spring Security Tutorial Application</display-name>
          
          <!--
      	  - Location of the XML file that defines the root application context
      	  - Applied by ContextLoaderListener.
      	  -->
      	<context-param>
      		<param-name>contextConfigLocation</param-name>
      		<param-value>
      			classpath:applicationContext-business.xml
      			/WEB-INF/applicationContext-security.xml
      		</param-value>
      	</context-param>
      	
          <context-param>
              <param-name>log4jConfigLocation</param-name>
              <param-value>/WEB-INF/classes/log4j.properties</param-value>
          </context-param>	
      
          <filter>
              <filter-name>springSecurityFilterChain</filter-name>
              <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
          </filter>
      
          <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
          </filter-mapping>
      
      	<!--
      	  - Loads the root application context of this web app at startup.
      	  - The application context is then available via
      	  - WebApplicationContextUtils.getWebApplicationContext(servletContext).
          -->
      	<listener>
      		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
      	</listener>
      
      	<!--
      	  - Publishes events for session creation and destruction through the application
      	  - context. Optional unless concurrent session control is being used.
            -->
          <listener>
            <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
          </listener>
          
          <listener>
              <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
          </listener>    
      
        <!--
      	- Provides core MVC application controller. See contacts-servlet.xml.
          -->
      	 <filter>
              <filter-name>struts2</filter-name>
              <filter-class>
                  org.apache.struts2.dispatcher.FilterDispatcher
              </filter-class>
          </filter>
      
          <filter-mapping>
              <filter-name>struts2</filter-name>
              <url-pattern>/*</url-pattern>
          </filter-mapping>
      
      
      
           <welcome-file-list>
      		<welcome-file>index.jsp</welcome-file>
      	</welcome-file-list>
      
      </web-app>

      Comment


      • #4
        How to make Struts2 Action url secure ?

        Hi,

        You want to make url secure..means..u you want to redirect from http to https..! right.!

        You can do this by using channelProcessingFilter in spring - applicationcontext-security.xml file.

        In this filter declaration you can provide urls for which you can write "REQUIRES_SECURE_CHANNEL".

        Hope this helps.

        Thanks,
        Nisha

        Comment


        • #5
          Hi Nisha,

          Thanks for the response. It's not http to https.

          I ran spring-security-samples-tutorial-2.0.5.RELEASE.war

          Now I tried to inegrate with struts2.

          When a user click on remove hyper link (i.e my action) i want to spring security smilar to above war example.

          Thanks,
          Sarada.

          Comment


          • #6
            Hi Everyone,

            It was working fine by including <intercept-url pattern="/remove**" access="ROLE_SUPERVISOR"/>

            The problem is Eclipse have not cleared the application and deployed.

            Thank you all for your vaulable time.

            Comment

            Working...
            X