在Struts中如何定认action的role属性?

xuhaitao71
03-10-06 2 153

见下面的web.xml:
<web-app>
<display-name>Certificate Servlet</display-name>
<servlet>
<servlet-name>CertificateServlet</servlet-name>
<servlet-class>weblogic.servlet.security.CertificateServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>FileServlet</servlet-name>
<servlet-class>weblogic.servlet.FileServlet</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>CertificateServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>FileServlet</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>FileServlet</servlet-name>
<url-pattern>*.gif</url-pattern>
</servlet-mapping>

<!--
Authentication
-->

<security-constraint>
<web-resource-collection>
<web-resource-name>CertificateServlet</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
</login-config>

<security-role>
<role-name>admin</role-name>
</security-role>

</web-app>
与此类似,我应在Struts框架中定认basic security?

xuhaitao71
2003-10-06 16:57

web.xml重传

<web-app>
  <display-name>Certificate Servlet</display-name>
  <servlet>
    <servlet-name>CertificateServlet</servlet-name>
    <servlet-class>weblogic.servlet.security.CertificateServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>FileServlet</servlet-name>
    <servlet-class>weblogic.servlet.FileServlet</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>CertificateServlet</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
  	<servlet-name>FileServlet</servlet-name>
  	<url-pattern>*.html</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>FileServlet</servlet-name>
    <url-pattern>*.gif</url-pattern>
  </servlet-mapping>

  <!--
    Authentication
  -->

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>CertificateServlet</web-resource-name>
      <url-pattern>*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
       <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>

  <security-role>
    <role-name>admin</role-name>
  </security-role>

</web-app>

xuhaitao71
2003-10-06 21:26

已经解决,其实把CertificateServlet改为Struts中的唯一的ActionServlet即可,不必用到action的role属性,例(在weblogic7中通过):

<security-constraint>
    <display-name>admin</display-name>
    <web-resource-collection>
      <web-resource-name>action</web-resource-name>
      <url-pattern>/initial.do</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>
  <security-role>
    <role-name>admin</role-name>
  </security-role>