You probably don't need to send it to an action, you just need to render
the HTML form for authentication. So, login.jsp would suffice. As far
as s2 is concerned, authentication is completely external. The role
interceptor just uses the HttpServletRequest to obtain the roles that
the current user is logged in under.
/Ian
Piero Sartini wrote:
> Hello List,
>
> i try figuring out how security will work with struts2. I have an EJB3
> application - the frontend will be written using s2.
>
> I added the RolesInterceptor to an action:
> ----- code ----
> <interceptor-ref name="roles">
> <param name="allowedRoles">portalUser</param>
> </interceptor-ref>
> ----- code ----
>
> Accessing this action does give me a 403 - thats ok, because I am not logged
> in. But how do I login?
>
> My web.xml looks like that:
> ----- code ----
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>MyCustomRealm</realm-name>
> <form-login-config>
> <form-login-page>/Login_input.action</form-login-page>
> <form-error-page>/Login_error.action</form-error-page>
> </form-login-config>
> </login-config>
> <security-role>
> <description>registered portal user</description>
> <role-name>portalUser</role-name>
> </security-role>
> ----- code ----
>
> is this correct? Is it even possible to use FORM-based authentication with
> struts2? If not, could you please give me a hint how this will work?
>
> Goal is that the user is presented with the login form if he is not
> authenticated - if he logged in successfully within that form, the
> intercepted action should continue.
>
> Thanks in advance,
> Piero
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@(protected)
> For additional commands, e-mail: user-help@(protected)
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@(protected)
For additional commands, e-mail: user-help@(protected)
