在Struts中如何定认action的role属性?

xuhaitao71 03-10-06

见下面的web.xml:
<web-app>
<display-name>Certificate Servlet</display-name>
<servlet>
<servlet-name>CertificateServlet</servlet-name>
<servlet-class>weblogic.servlet.security.CertificateServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>FileServlet</servlet-name>
<servlet-class>weblogic.servlet.FileServlet</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>CertificateServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>FileServlet</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>FileServlet</servlet-name>
<url-pattern>*.gif</url-pattern>
</servlet-mapping>

<!--
Authentication
-->

<security-constraint>
<web-resource-collection>
<web-resource-name>CertificateServlet</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
</login-config>

<security-role>
<role-name>admin</role-name>
</security-role>

</web-app>
与此类似,我应在Struts框架中定认basic security?

xuhaitao71
2003-10-06 16:57

web.xml重传

<web-app>
<display-name>Certificate Servlet</display-name>
<servlet>
<servlet-name>CertificateServlet</servlet-name>
<servlet-class>weblogic.servlet.security.CertificateServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>FileServlet</servlet-name>
<servlet-class>weblogic.servlet.FileServlet</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>CertificateServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>FileServlet</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>FileServlet</servlet-name>
<url-pattern>*.gif</url-pattern>
</servlet-mapping>

<!--
Authentication
-->

<security-constraint>
<web-resource-collection>
<web-resource-name>CertificateServlet</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
</login-config>

<security-role>
<role-name>admin</role-name>
</security-role>

</web-app>

xuhaitao71
2003-10-06 21:26

已经解决,其实把CertificateServlet改为Struts中的唯一的ActionServlet即可,不必用到action的role属性,例(在weblogic7中通过):

<security-constraint>
<display-name>admin</display-name>
<web-resource-collection>
<web-resource-name>action</web-resource-name>
<url-pattern>/initial.do</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>