Security with struts

hy!
one more question:
is it true, that each page in the folder "WEB-INF" or a subfolder of "WEB-INF" cannot be reached from the address line? or does the action also be in the mentioned folder?
or is this nonesense??
if yes, how can i make my project secure, i only want the users to get to the login-page!
tia
ciao david

is it true, that each page in the folder "WEB-INF" or a subfolder of "WEB-INF"
cannot be reached from the address line?Yes. This is a feature of web containers, and not just of Struts.
Here is a link showing how to set it up in Tomcat:
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html
In struts you add a "roles" property to your action mappings. Only users logged in as those roles can access those urls.

Similar Messages

  • Can you have url pattern with struts action in a directory to security

    i want to implement security based on roles and want to use struts action patterns but they dont work
    i am trying something like this
    <url-pattern>/jsps-one/*.jsp</url-pattern>
    <url-pattern>/action-jsps-one/*.do</url-pattern>

    Hi,
    do you knwo that Struts actions have a Role property ? You can use J2EE roles directly on Struts actions without having to fish for the URL pattern.
    Best practices for security in Struts is to place teh JSP files in the WEB-INF directory so they are safe there.
    See http://www.oracle.com/technology/products/jdev/collateral/papers/10g/adfstrutsj2eesec.pdf
    Frank

  • Web Service Security with SAML - Invalid XML signature

    Hello together,
    we want to build a scenario where we want to use Web Service Security  with SAML.
    The scenario will be
    WS Client (Java Application) -> WS Adapter -> Integration Engine ->  WS Adapter-> CRM (Web AS ABAP 7.01 SP 3)
    SAP PI release is 7.11 (SP Level 4)
    We want to use the SAML Authentification from WS Client to PI and from PI to Web AS ABAP.
    The SAML authentifications between the WS Client and PI works when there is no SAML auth between PI and CRM.
    But we get following error at calling the CRM system when we want to communicate with SAML:
      <E_TEXT>CX_WS_SECURITY_FAULT:Invalid XML signature</E_TEXT>
    Has somebody an idea of the possible reason for the error.
    Thanks in advance
    Stefan

    Error Messages in the Trace/Log Viewer:
    CX_WS_SECURITY_FAULT : Invalid XML signature | program: CL_ST_CRYPTO==================CP include: CL_ST_CRYPTO==================CM00G line: 48
    A SOAP Runtime Core Exception occurred in method CL_ST_CRYPTO==================CM00G of class CL_ST_CRYPTO==================CP at position id 48  with internal error id 1001  and error text CX_WS_SECURITY_FAULT:Invalid XML signature (fault location is 1  ).
    Invalid XML signature

  • Is there a way to print a pdf, which is secured with password?

    I want to know a way to print pdf which is secured with password to print without throwing a error ?
    Instead it has to ask for a password and print..

    we need to have an associated application installed in the system for that particular fileYup.
    does javax.print api works for pdf files and word documents?Nope.
    There is something called (I think) iText which can handle PDF documents. No idea whether it includes a printing facility or not.
    db

  • Is there a way to view Flash videos on my iMac without downloading Adobe Flash Player? I'm concerned about performance and security with Flash Player.

    Is there a way to view Flash videos on my iMac without downloading Adobe Flash Player? I'm concerned about performance and security with Adobe Flash Player.

    If the video is only available in a format that requires Flash player : then no.
    However, a great many can also be viewed in an HTML5 version, in which case http://hoyois.github.io/safariextensions/clicktoplugin/ or similar can be set up so that Flash never runs unless you specifically choose it to.

  • Error 500, deployment with struts

    An application developed in JDeveloper 9.02 with struts 1.1b works fine when running using the local OC4J instance running from JDeveloper. I created a deployment profile with a .war and .ear, deployed to the OC4J standalone instance using the EM website, and all seemed well. Now it sporadically gives the "Internal Server Error" when navigating between pages. I can't find anything in the logs, and ideas?

    It's OC4J core install for 9iAS Release 9.02. I've deployed to Solaris since there is a bug that can give this error that is patched for Solaris, but not Windows. The error occurs when navigating pages in a struts app. Sometimes it works fine, then you click on one of the image buttons to go to the next .jsp and this error comes up.
    Ruth
    What version of OC4J you are testing on ?
    Is it OC4J standalone or Oracle9iAS that you are using.
    more details would be helpful in diagnosing the problem.
    -Prasad

  • WLS 8.1 sp1 with Struts 1.1 JSP with bean tag won't compile

              Hello,
              We are currently porting our application which uses struts 1.1 to WLS 8.1 sp1
              from another app server. Everything seems to deploy correctly and pages which
              use struts tags appear to compile and run fine. However, the pages with struts
              <bean:define> tags are not compiling.
              Example JSP Code:
              <bean:define id="userForm" name="userForm" scope="session" toScope="page" type="UserFormBean"/>
              <% if (userForm.hasUserData()) {hasUser=true;} %>
              WLS Console Output:
              ..jsp_servlet\_jsp\_sailor\__home.java:493: cannot resolve symbol
              symbol : variable userForm
              location: class jsp_servlet._jsp._sailor.__home
              if (userForm.hasUserData()) { //[ /jsp/sailor/home.jsp; Line: 38]
              When I look at the JSP's parsed java code (__home.java:493) I find that nowhere
              in the class is the variable userForm declared.
              Is this a bug in WLS? Does anyone know of a workaround?
              Thanks,
              Scott
              

    Please contact customer support [email protected] and request a patch for
              CR112789. AT_END tags do not work correctly in 81sp1
              --Nagesh
              "Scott Fleming" <[email protected]> wrote in message
              news:3f734c0d$[email protected]..
              >
              > Hello,
              >
              > We are currently porting our application which uses struts 1.1 to WLS 8.1
              sp1
              > from another app server. Everything seems to deploy correctly and pages
              which
              > use struts tags appear to compile and run fine. However, the pages with
              struts
              > <bean:define> tags are not compiling.
              >
              > Example JSP Code:
              >
              > <bean:define id="userForm" name="userForm" scope="session" toScope="page"
              type="UserFormBean"/>
              >
              > <% if (userForm.hasUserData()) {hasUser=true;} %>
              >
              > WLS Console Output:
              >
              > ..jsp_servlet\_jsp\_sailor\__home.java:493: cannot resolve symbol
              > symbol : variable userForm
              > location: class jsp_servlet._jsp._sailor.__home
              > if (userForm.hasUserData()) { //[ /jsp/sailor/home.jsp; Line:
              38]
              >
              > When I look at the JSP's parsed java code (__home.java:493) I find that
              nowhere
              > in the class is the variable userForm declared.
              >
              > Is this a bug in WLS? Does anyone know of a workaround?
              >
              > Thanks,
              > Scott
              

  • Custom tag with struts

    Hi
    I would like to create a custom tag that will print this section of html with struts:<tr>
         <td class="f_name"><bean:message bundle="fields" key="firstName" /></td>
         <td class="f_value"><html:text property="firstName" /></td>
    </tr>This means that i sould pass to the custom tag the folowing attributes:
    1. bundle - the bundle name to use ("fields").
    2. property - the name of the submitted filed and the key in the bundle resource ("firstName").
    This is how i want to use it:<html:form action="/register.do" enctype="UTF-8">
    <table cellspacing="0" cellpadding="0" border="0" class="t_details">
    <mytld:text bundle="fields" key="firstName"/>
    <mytld:text bundle="fields" key="lastName"/>
    </html:form>For me, this way looks much easier to develop my application/s, don't you agree?
    The problem is that i can't (or i don't know how) to use custom tags in other a custom tag, and if i include a jsp file (with pageContext.indlude("url");), how do i pass the attributes to the jsp page?
    Thanks a lot
    mamtz

    Interesting answer, i'll put it in my mind, but this is not what i ment :) (nice thinking...)
    what i ment was, html:text tag has many attributes like: property, name, alt, size, maxLength and so on...
    i would like sometimes to use size or maxLength and sometimes not.
    take a look at what i wrote:<%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html" %>
    <%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean" %>
    <%
         String property=""+request.getAttribute("property");
         String bundle=""+request.getAttribute("bundle");
         Object max=request.getAttribute("maxLength");
         String maxLength= max==null ? "" : ""+max;
         Object s=request.getAttribute("size");
         String size= s==null ? "" : ""+s;
    %>
         <tr>
              <td class="f_name"><bean:message bundle="<%=bundle%>" key="<%=property%>" /></td>
    <%     if(max!=null && s!=null){
    %>          <td class="f_value"><html:text property="<%=property%>" maxlength="<%=maxLength%>" size="<%=size%>" /></td>
    <%     }else if(max!=null){
    %>          <td class="f_value"><html:text property="<%=property%>" maxlength="<%=maxLength%>" /></td>
    <%     }else if(s!=null){
    %>          <td class="f_value"><html:text property="<%=property%>" size="<%=size%>" /></td>
    <%     }else{
    %>          <td class="f_value"><html:text property="<%=property%>" /></td>
    <%     }
    %>     </tr>pretty complicated, is'nt it?
    think what would happen if i would like to add just one more attribute...

  • Easiest way to validate with Struts?..

    Hello,
    I have a problem with validating a simple form with javascript via Struts validator. It inserts the whole javascript instead <html:javascript formName="whatever"/> and as a result half of the html code that follows gets cut off. I don't know why this happens, maybe because the javascript is so big (although that sounds like nonsense).
    Is there a better, simpler way to validate with Struts? I just want something to start working..
    Thanks.

    Make sure you have validator-rules.xml file in WEB-INF/ folder
    Make sure you have validation.xml file in WEB-INF/ folder
    Modifty validation.xml file to match your form name (as defined in struts-config.xml)
    i think this should be enough

  • InputText issue with Struts

    I'm using jsf 1.1 with struts 1.3.5 and am experiencing an issue with the inputText element. The problem is the name attribute being generated is not allowing the form bean's attributes to be set. For example:
    <h:inputText id="username" value="#{loginForm.username}"/>
    generates
    <input id="_idJsp3:username" name="_idJsp3:username" type="text" value=""/>
    The issue being the name of the field is _idJsp3:username so the form property 'username' is not getting set. I've tried removing the inputText tag and replacing it with this:
    <input name="username" type="text"/>
    And it works. What's the deal? I know a lot of people have used/are using JSF and struts together, what am I doing wrong?
    By the way, this is the last hurdle i need to clear so any help would be appreciated.

    first - thanks for your reply
    I can understand what you mean , to adhere to the MVC conception , we need to have any action go through the controler .
    but , once I wanna access to a jsp file , then I need to set a global-forward and a ForwardAction , when time goes by, and the project keeps getting larger , so there will be too many forwards and FrowardActions , right ?
    actually , I have a Office.jsp , which has a frameset inside , left and right,each invokes a jsp file like this :
    <frameset rows="*" cols="144,*" framespacing="2" frameborder="NO" border="2" bordercolor="#CC0000">
    <frame src="OfficeLeft.jsp" name="leftFrame" scrolling="NO" noresize>
    <frame src="Notification.jsp" name="RightFrame">
    </frameset>
    when I have successfully forwarded to this Office.jsp , it prompts OfficeLeft.jsp and Notification.jsp are not available. so my problem is I don't know how to get this work fine .

  • Problem with FileUpload with Struts

    Hello,
    Here is my form I've created :
    <html:form action="/UploadFile.do" method="post" enctype="multipart/form-data">
    <html:file property="file" />
    </html:form>
    The form I submit conatins a "file" attribute of FileForm type.
    I did exatcly as mentionned in different tutorials to upload files with Struts.
    But I get the following exception and I can't figure out what's happening:
    javax.servlet.ServletException: BeanUtils.populate
    at org.apache.struts.util.RequestUtils.populate(RequestUtils.java:1254)
    java.lang.IllegalArgumentException: argument type mismatch
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    Please Help !
    I'm using Struts 1.1 by the way
    Thank your for your help
    Hugo

    What is in the form bean you're using? You need a field that holds a FormFile object:
    import org.apache.struts.upload.*;
         private FormFile file;
         public FormFile getFile() {
              return this.file;
         public void setFile(FormFile file) {
              this.file = file;
    ...

  • Axis bank net secure with webpin not working on ipad2

    Hi,
    Axis bank net secure with webpin not working on ipad2
    Lt me know how to proceed

    Try using their App:
    https://itunes.apple.com/in/app/axis-bank-mobile-application/id517266358?mt=8

  • Data level Security with Oracle Apps as Source

    Hi all
    I am implementing Data level Security with Apps as Source(OLTP) on Single Sign On.(Oracle has provided the Vanila rpd & we are working on that)
    I need to Filter data based on Business Group, Users are created in Apps and they are registered with some Responsibilities.
    (for eg, OBI User CHINA is a Responsibility; Now he will get only Business Group ID for China)
    I have created Groups in rpd with same name as the responsibility in Apps.
    I have created Initialization Blocks from which I m getting only 1 business group ID for every :USER.(I tried the code in TOAD & I m getting the correct BG ID)
    I have created Group in WEB with the same name as the Group name in rpd.
    If I say show all Users and Groups in WEB, I m getting the APPS Users.
    I hv Reloaded the server metadata files and restarted the BI Server/WEB Server also...
    But in the Report, I m getting all the Business Group Ids,
    Plz advice if I m doing something wrong.
    ThanQ
    Anand

    You need to be creating your "business groups" as a group in the RPD, init blocks to retrieve the user business group at login. Filters in the Logical table sources to restrict data to relevant business groups only.
    Presentation 'Web Cat' groups with the same name as the RPD groups so a user inherits membership automatically.
    I'd suggest sourcing a vanilla OBIA rpd to see how it is implemented out of the box.

  • WPA Security with the F5D7230-4

    Hey,
    I've successfully bridged my Airport Express from my Belkin F5D7230-4 with WEP Security enabled and it worked very well. Well, I should actually rephrase that; it worked well for all the Macs. The only PC on the wireless network couldn't establish a consistent connection, so I had to change the security to WPA and now everybody's computers work very well (WPA is actually desired). The only problem with WPA is that I can't get WDS to work with it, in other words, the Airport Express won't connect to the Belkin. After configuring the settings the same way as before (except changing the security) the Airport Express will first stay solid yellow, turn green for 2 or 3 seconds, and then flash yellow again. I have tried changing the wireless channel, and telling the Airport Express to just join (not WDS) while the Airport Express next to the Belkin, but still nothing worked.
    Wireless bridging is infact enabled on the Belkin, and I've also tried allowing only certain access points to connect, but that didn't work either.
    Is it possible that I'm not able to use WPA security with WDS on this Belkin router?
    It's a F5D7230-4 Belkin Router with 4.05.03 firmware, and the latest firmware is on the Airport Express.
    Thanks for any help in advance.

    Do you mean to get into the network? I do have a password WPA password set, and that's why the Airport Express can't access it.
    I need WPA set because a: the PC on the network needs it in order to connect, and b: it's much more secure.
    I pretty much need to have the security because the Belkin has it on, and to my understanding, the Airport Express also needs to have it enabled to work.
    Is there any update or anything available that could help my problem, or am I pretty much out of luck?

  • How to use displaytags with struts

    How to use display tags with struts to generate report from database

    I think it would only consist in including the tag library of displaytags in the header and use the prefix of desplay tags.
    Exporting the report from a database would only need to retrieve this information from the database as a List, Map or Collection of objects (beans) and display tem with the corresponding tag (table)
    You have some more information here:
    http://displaytag.sourceforge.net/11/tut_basic.html
    Regards and good luck,
    Fran Serrano.

Maybe you are looking for

  • Keyboard conflict with mac version?

    Hi! I hope you guys can help me. I kind of... spoiled water on my iMac's keyboard and now it's dead! So I'm buying a new one, (since the computer is not mine but my job's office) but I'm searching the model I need which is the usb keyboard with numer

  • Finding Latest Files added to hard drive

    I've got a peculiar problem here. Since yesterday or the day before my available hard drive space has dropped around 3 gigabytes. Thing is, I've installed nothing, downloaded nothing, nor added nothing to the computer. Is there a way to perform a sea

  • Wifi printer not connected

    MB Pro with Lion 10.7.5 working with Epson Stylus SX535WD was fine with wifi printing and suddenly, from one print job to the next, announces "The printer is not connected".  Works fine from my other MBP running the same software.  I have a feeling t

  • Demand management in SAP PP

    how to customize demend management if error is coming in the form of message MA640 while doing transaction mc74 in sap pp module in version ecc6.0

  • Has anyone gotten X Plane 10 to work on a MACBook Pro?

    I'm trying to get X Plane 10 running on Windows 7. The MacBook Pro is a 2012 purchase new. Has anyone succeded in accomplishing that? I read that the most common failures are with the graphics drivers. Tried to update NVIDIA's latest driver but it fa