在Struts中如何定认action的role属性?

03-10-06 xuhaitao71

见下面的web.xml:

<web-app>

<display-name>Certificate Servlet</display-name>

<servlet>

<servlet-name>CertificateServlet</servlet-name>

<servlet-class>weblogic.servlet.security.CertificateServlet</servlet-class>

</servlet>

<servlet>

<servlet-name>FileServlet</servlet-name>

<servlet-class>weblogic.servlet.FileServlet</servlet-class>

</servlet>

<servlet-mapping>

<servlet-name>CertificateServlet</servlet-name>

<url-pattern>/</url-pattern>

</servlet-mapping>

<servlet-mapping>

<servlet-name>FileServlet</servlet-name>

<url-pattern>*.html</url-pattern>

</servlet-mapping>

<servlet-mapping>

<servlet-name>FileServlet</servlet-name>

<url-pattern>*.gif</url-pattern>

</servlet-mapping>

<!--

Authentication

-->

<security-constraint>

<web-resource-collection>

<web-resource-name>CertificateServlet</web-resource-name>

<url-pattern>*</url-pattern>

</web-resource-collection>

<auth-constraint>

<role-name>admin</role-name>

</auth-constraint>

</security-constraint>

<login-config>

<auth-method>BASIC</auth-method>

</login-config>

<security-role>

<role-name>admin</role-name>

</security-role>

</web-app>

与此类似,我应在Struts框架中定认basic security?

xuhaitao71
2003-10-06 16:57

web.xml重传

<web-app>
  <display-name>Certificate Servlet</display-name>
  <servlet>
    <servlet-name>CertificateServlet</servlet-name>
    <servlet-class>weblogic.servlet.security.CertificateServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>FileServlet</servlet-name>
    <servlet-class>weblogic.servlet.FileServlet</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>CertificateServlet</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
  	<servlet-name>FileServlet</servlet-name>
  	<url-pattern>*.html</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>FileServlet</servlet-name>
    <url-pattern>*.gif</url-pattern>
  </servlet-mapping>

  <!--
    Authentication
  -->

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>CertificateServlet</web-resource-name>
      <url-pattern>*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
       <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>

  <security-role>
    <role-name>admin</role-name>
  </security-role>

</web-app>

xuhaitao71
2003-10-06 21:26

已经解决,其实把CertificateServlet改为Struts中的唯一的ActionServlet即可,不必用到action的role属性,例(在weblogic7中通过):

<security-constraint>
    <display-name>admin</display-name>
    <web-resource-collection>
      <web-resource-name>action</web-resource-name>
      <url-pattern>/initial.do</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>
  <security-role>
    <role-name>admin</role-name>
  </security-role>
<p>