Web.xml security configuration (struts)

Hi all
i want to restrict the access for the following URL:
http://localhost:8080/InventoryManager/Usermanagement/addUser.do?methodToCall=addInvUser
But if i define it like that in web.xml it doesn't work:
<security-constraint>
<display-name>User</display-name>
<web-resource-collection>
<web-resource-name>user creation</web-resource-name>
<url-pattern>/Usermanagement/addUser.do?methodToCall=addInvUser*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>create_user</role-name>
</auth-constraint>
</security-constraint>
All other restrictions i created to far are working, but mostly this is restricted for a URL and not a struts action like above.
Could somebody tell me how i can restrict the access to the method addInvUser or the action mapping addUser.do ?
Thanks
Angela

Perhaps it's not possible (to use HTTP params) as a restricted URL.
But you can always chek user role programmatically.
best regards,
Maris Orbidans
SCJP SCWCD SCBCD

Similar Messages

  • Web.xml - security constraint question

    I want to make a kind of inverted security constraint. I want to ALLOW access to one specific page over HTTP. All other pages should be HTTPS.
    Is that possible???

    Use the <security-role-ref> for the Faces Servlet to map the LDAP roles to the logical role names used by the managed bean to determine if links may be rendered.
    Bean code:
    this.isAdmin = context.getExternalContext().isUserInRole("admin");web.xml:
            <security-role>
              <role-name>Local Admin Group</role-name>
         </security-role>
         <security-role>
              <role-name>DBA Group</role-name>
         </security-role>
        <!-- Faces Servlet -->
        <servlet>
            <servlet-name>Faces Servlet</servlet-name>
            <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
            <security-role-ref>
                  <role-name>admin</role-name>
                  <role-link>DBA Group</role-link>
           </security-role-ref>
            <security-role-ref>
                  <role-name>admin</role-name>
                  <role-link>Local Admin Group</role-link>
           </security-role-ref>
        </servlet>

  • Help! web.xml security without using WAR files

    I'm currently using the RDBMSRealm and URL ACL security for my app. I would like to use the web.xml descriptor for security so that I can specify login pages and such. We currently are not using WAR files. I've been having alot of trouble setting this up. Is there a way to use the RDBMS realm along with the web.xml security? It looks like it should work, but I can't seem to get it to function. How do I specify the regular document root as a webapp? I'm currently running WLS 5.1 with SP4. Thanks.

    The RDBMSRealm is just the authentication mechanism underneath WLS versus the
    web.xml of the WebApplication which describes all the access control for that WebApp.
    the later being scoped only to that WebApp.
    you don't need to deploy in a war file, you can expand the archive into an identical
    directory structure and then just point us towards the top level of that structure.
    see: http://www.weblogic.com/docs51/classdocs/webappguide.html
    .paul
    chris wrote:
    I'm currently using the RDBMSRealm and URL ACL security for my app. I would like to use the web.xml descriptor for security so that I can specify login pages and such. We currently are not using WAR files. I've been having alot of trouble setting this up. Is there a way to use the RDBMS realm along with the web.xml security? It looks like it should work, but I can't seem to get it to function. How do I specify the regular document root as a webapp? I'm currently running WLS 5.1 with SP4. Thanks.

  • Oracle Service Bus 11gR1 - missing Web Services Security Configuration?

    I am trying to configure a web service which uses username token policy.
    The below option is missing in Proxy Service --> Security
    Web Services Security Configuration
    Process WS-Security Header     Yes     NoIs there anything that needs to be enabled for the above to show up in Proxy Service-->Security.

    This option was enabled by removing the username token policy from the wsdl file.
    Thanks for looking.

  • Web.xml: security-constraint [un]usable in JSF?

    <security-constraint> in web.xml is a simple, effective and portable method of declaring a web application�s security policies.
    It's been noted, however, in an earlier topic (http://forum.java.sun.com/thread.jspa?threadID=747919&messageID=4279347) that it has it�s limitations in the context of jsf.
    A reasonable solution would be to consult <security-constraint> elements in one�s own web.xml when rendering <h:commandLink>'s on a page according to the security policy.
    Unfortunately, there is no standard method of reading web.xml, other than what�s available from the ServletContext.
    I found some container specific-implementations in the Cargo project from the http://cargo.codehaus.org,
    but I�m looking for a portable solution. Any thoughts?
    Thanks, y�all!

    Use the <security-role-ref> for the Faces Servlet to map the LDAP roles to the logical role names used by the managed bean to determine if links may be rendered.
    Bean code:
    this.isAdmin = context.getExternalContext().isUserInRole("admin");web.xml:
            <security-role>
              <role-name>Local Admin Group</role-name>
         </security-role>
         <security-role>
              <role-name>DBA Group</role-name>
         </security-role>
        <!-- Faces Servlet -->
        <servlet>
            <servlet-name>Faces Servlet</servlet-name>
            <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
            <security-role-ref>
                  <role-name>admin</role-name>
                  <role-link>DBA Group</role-link>
           </security-role-ref>
            <security-role-ref>
                  <role-name>admin</role-name>
                  <role-link>Local Admin Group</role-link>
           </security-role-ref>
        </servlet>

  • Web.xml Security LoginPage / LoginTF does not work

    Hi Guys,
    In JDev 11.1.1.5, using the WebCenter extension we get some strange behaviour I cannot explain.
    I have a feeling I am missing some small step, but I cannot see what step, so I thought to ask :).
    Here are the steps we took:
    We use:
    -     JDeveloper 11.1.1.5
    -     WebCenter extension
    Steps we took, within an WebCenter Portal application:
    1.     Create an index.html which is the default start point of the application.
    2.     index.html redirects to faces/pages_home.
    3.     In pages.xml our home is an landingPage.
    4.     This landingPage is configured for authenticated-role only in pages.xml.
    5.     Configure a custom login-TF with .jspx loginPage on it.
    6.     In the web.xml on the security tab, we configure Form-Based Authentication with our custom login-TF as Login Page.
    7.     In the jazn-data.xml we configure this TF and grant the anonymous-role.
    8.     Run the application, we get an 404.
    I would expect the following:
    1. Application tries to reach the home page.
    2. The home page is only available for authenticated users.
    3. The login mechanism (from the web.xml) starts to work.
    4. The TF/page configured in the web.xml gets launched.
    Some how, as said we get a 404 instead of our loginTF/Page.
    In an Jdevelloper 11.1.1.2 application, this seems to work fine with the same configuration, but now in 11.1.1.5 we get a 404 error.
    Did we miss a configuration / Overlook some setting?
    Why does this not work?
    If anybody has any tips on where to look or what to do, this would be helpful :)
    I have a test case in which I can reproduce this problem, both within an WCP application as in a pure ADF application.
    I can provide this if anyone is interested :)
    Regards,
    Richard Olrichs

    Hmmm, apparently you have to put “/faces/adf.task-flow?adf.tfId=login-TF&amp;adf.tfDoc=/” in front of the TF, which results in the following web.xml tag:
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/faces/adf.task-flow?adf.tfId=login-TF&amp;adf.tfDoc=/WEB-INF/login-TF.xml</form-login-page>
    <form-error-page>/WEB-INF/error.html</form-error-page>
    </form-login-config>
    </login-config>
    I don't know why, but now it redirects correctly to our custom login-TF.
    Can someone explain this behaviour?
    Anyhow, help is not needed anymore :P
    Cheers,
    Richard
    Edited by: Richard Olrichs on Feb 21, 2012 8:41 AM

  • How can I get the context-parm from a web.xml file using struts?

    Hello:
    I need get the context-param from the web.xml file of my web project using struts. I want configurate the jdbc datasource connection pooling here. For example:
    <context-param>
    <param-name>datasource</param-name>
    <param-value>jdbc/formacion</param-value>
    <description>Jdbc datasource</description>
    </context-param>
    and then from any Action class get this parameter.
    Similar using a simple server can be:
    /** Initiates new XServlet */
    public void init(ServletConfig config) throws ServletException {
              for (Enumeration e = config.getInitParameterNames(); e.hasMoreElements();) {
                   System.out.println(e.nextElement());
              super.init(config);
              String str = config.getInitParameter("datasource");
              System.out.println(str);
         public void doPost(HttpServletRequest req, HttpServletResponse res)
              throws ServletException, IOException {
              // res.setContentType( );
              System.out.println("Got post request in XServlet");
              PrintWriter out = res.getWriter();
              out.println("nada");
              out.flush();
              out.close();
    but only this works for init-params, if I use
    <servlet>
         <servlet-name>MyServlet</servlet-name>
         <display-name>MyServlet</display-name>
         <servlet-class>myExamples.servlet.MyServlet</servlet-class>
         <init-param>
         <param-name>datasource</param-name>
         <param-value>jdbc/formacion</param-value>
    </init-param>
    </servlet>
    inside my web.xml. I need something similar, but using struts inside the action class for that I can get the context-params and call my database.
    Thank you

    To get context parameters from your web.xml file you can simply get the ActionServlet object from an implementing action object class. In the perform (or execute) method make the following call.
    ServletContext context = getServlet().getServletContext();
    String tempContextVar =
    context.getInitParameter("<your context param >");

  • Web.xml security-constraint order matters?

    After a long and frustrating debuggin session I've just discovered that the order in which <security-constraint>
    entries are added to the web.xml file matters to OC4J.
    That is if a more laxed rule is matched first the rest
    (even though they might be more precise or even an
    exact match won't be applied.
    Is this normal behaviour?
    EXAMPLE BELOW WORKS - INVERT ENTRIES AND IT WILL FAIL
    <security-constraint>
        <web-resource-collection>
          <web-resource-name>Protected</web-resource-name>
          <url-pattern>/admin*.uix</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>DSMSuperUser</role-name>
        </auth-constraint>
      </security-constraint>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Secure</web-resource-name>
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>DSMUser</role-name>
        </auth-constraint>
      </security-constraint>

    Here is an excerpt from the servlet spec stating the proper behavior:
    The container matches URL patterns defined in security constraints
    using the same algorithm described in this specification for matching client
    requests to servlets and static resources as described in SRV.11.1
    SRV.11.1 Use of URL Paths
    Upon receipt of a client request, the web container determines the web application
    to which to forward it. The web application selected must have the the longest
    context path that matches the start of the request URL. The matched part of the URL
    is the context path when mapping to servlets.
    The web container next must locate the servlet to process the request using the
    path mapping procedure described below:
    The path used for mapping to a servlet is the request URL from the request
    object minus the context path. The URL path mapping rules below are used in
    order. The first successful match is used with no further matches attempted:
    1. The container will try to find an exact match of the path of the request to the
    path of the servlet. A successful match selects the servlet.
    2. The container will recursively try to match the longest path-prefix: This is done
    by stepping down the path tree a directory at a time, using the ’/’ character as
    a path separator. The longest match determines the servlet selected.
    3. If the last segment in the URL path contains an extension (e.g. .jsp), the servlet
    container will try to match a servlet that handles requests for the extension.
    An extension is defined as the part of the last segment after the last ’.’ character.
    4. If neither of the previous three rules result in a servlet match, the container will
    attempt to serve content appropriate for the resource requested. If a "default"
    servlet is defined for the application, it will be used.
    The container must use case-sensitive string comparisons for matching.
    So this is STILL an issue w/ 10.1.2.0.2...
    EXAMPLE BELOW WORKS - INVERT ENTRIES AND IT WILL FAIL
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>oemAdmin</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>OEM_ADMIN</role-name>
    </auth-constraint>
    <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>allOem</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>OEM_USER</role-name>
    </auth-constraint>
    <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    If I don't find a SR for this issue I'll open one b/c this is not acceptable.

  • Web.xml security

    Let�s say that I have 2 main groups, group USER and group ADMIN.
    Now let�s say that I have 3 other groups, groups A, B, and C.
    The structure in OCS would look something like this.
    group USER has members group A, group B, group C and group ADMIN
    group ADMIN has members that are just users, no groups
    From our application to perform a isUserInRole(group B) would group B have to appear in the web.xml file or should I only have to have group USER in the web.xml file?

    Hi,
    the web.xml file contains all groups that you reference in URL constraints in teh web.xml or call via isUserInRole(). Note that you also can use different names in isUserInRole() but then you need to use the role-ref element to map it to a role that exists in web.xml.
    Note that J2EE doesn't support RBAC in the web.xml, which means that there is no role that is a member of a role. OC4J supports this from the security provider site, but still this isn't the case for J2EE itself.
    Frank

  • Web.xml security-constraint

    Hi,
    Anybody has any idea about this one:
    In web.xml I have:
         <security-constraint>
              <web-resource-collection>
                   <web-resource-name>members</web-resource-name>
                   <url-pattern>/members/*</url-pattern>
              </web-resource-collection>
              <auth-constraint>
                   <role-name>REGISTERED_USERS</role-name>
              </auth-constraint>
              <user-data-constraint>
                   <description>SSL is required</description>
                   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
              </user-data-constraint>
         </security-constraint>
         <security-constraint>
    when using the above one, every time when i click any link in /members, the weblogic
    first treat the user as guest at the beginning, then change to the real logined
    user.
    After I changed it to :
         <security-constraint>
              <web-resource-collection>
                   <web-resource-name>members</web-resource-name>
                   <url-pattern>/members/</url-pattern>
              </web-resource-collection>
              <auth-constraint>
                   <role-name>REGISTERED_USERS</role-name>
              </auth-constraint>
              <user-data-constraint>
                   <description>SSL is required</description>
                   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
              </user-data-constraint>
         </security-constraint>
         <security-constraint>
    i click the links in /members, the weblogic treat the user as the real logined
    user.
    Any idea what is the * 's meaning or any clue where this difference is mentioned
    in weblogic or SUN's documentation?
    BTW: I am using weblogic 5.1 with sp11.
    Thx,
    dliu

    Hi,
    Please provide a "WEB-INF/weblogic.xml" file as well like following:
    *"weblogic.xml"*
    <?xml version='1.0' encoding='UTF-8'?>
    <weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <security-role-assignment>
    <role-name>BMOUser</role-name>
    <principal-name>BMOUser</principal-name>
    </security-role-assignment>
    </weblogic-web-app>
    Thanks
    Jay SenSharma
    http://weblogic-wonders.com (WebLogic Wonders Are here)

  • What to add in web.xml to configure Tomahawk1.1.3

    I have added following libraries to my project
    1.tomahawk-1.1.3.jar
    2.tomahawk-facelets.jar
    3.commons-filupload.jar
    what to add in web.xml to work it correctly? I m using NetBeans5.5 with Tomcat 5.5.17 and JDK1.6
    plz help.

    Thnx hamidaga for reply. I added common-io-1.1.jar but still no luck :(
    I m getting same error at tomcat5.5.17 server log
    java.lang.ClassNotFoundException: [Ljava.lang.String;
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1352)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1198)
    at com.sun.faces.config.ConfigureListener.configure(ConfigureListener.java:615)
    Mar 9, 2007 4:27:31 PM org.apache.catalina.core.StandardContext start
    SEVERE: Error listenerStart
    and now I m stuck. I cant execute anything..
    plz help.

  • Web.xml, struts and ssl

    Hi there,
    on our projects web pages we use struts, to combine the html of our pages with the java code behind. To enable SSL I added a security constraint to the web.xml:
         <security-constraint>
              <display-name>SSL Constraint</display-name>
              <web-resource-collection>
                   <web-resource-name>secured login resource</web-resource-name>
                   <description></description>
                   <url-pattern>/index.html</url-pattern>
                   <url-pattern>*.do</url-pattern>
                   <http-method>GET</http-method>
                   <http-method>PUT</http-method>
                   <http-method>POST</http-method>
              </web-resource-collection>
              <auth-constraint>
                   <description></description>
                   <role-name>authenticatedUser</role-name>
              </auth-constraint>
              <user-data-constraint>
                   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
              </user-data-constraint>
         </security-constraint> Some of our web pages need to use no SSL. So I added (for first testing) a second security constraint to the web.xml and defined which pages should be without SSL:
         <security-constraint>
              <display-name>No-SSL Constraint</display-name>
              <web-resource-collection>
                   <web-resource-name>businesstransaction resource</web-resource-name>
                   <description></description>
                   <url-pattern>*.go</url-pattern>
                   <http-method>GET</http-method>
                   <http-method>PUT</http-method>
                   <http-method>POST</http-method>
              </web-resource-collection>
              <auth-constraint>
                   <description></description>
                   <role-name>authenticatedUser</role-name>
              </auth-constraint>
              <user-data-constraint>
                   <transport-guarantee>NONE</transport-guarantee>
              </user-data-constraint>
         </security-constraint>As you can see, I exchanged *.do with *.go for testing. I simply defined all actions I want to be used without SSL with a .go instead of a .do in the struts.config.
    In principle it works, but there is a problem: The default behaviour for struts seems to be that the name of the new action is posted in the url at the end of the standard starting url.
    Our url starts with https://localhost:9443/client-web/, and whatever action I start, this url text in the browser window never changes, regardless of wether the next action would be protected or not.
    First I thought my url pattern would be wrong, or the user or whatever. But then I found out, that when changing the url in the browser window by hand to http://localhost:9080/client-web/ it works. The web page then is without SSL active. And when I manually change the url while viewing a page that is meant to be SSL protected, the browser automatically changes to the SSL adress.
    But then again, moving to a page without SSL does not enforce the browser to change its adress to the no SSL String. So again, SSL is active though a non secure access would be allowed.
    Anybody has any idea how to change this default behaviour? It would be important to not only tell the server that non secure would be ok, but to actually USE non secure connection automatically.
    The internet explorer is not able to upload files in SSL mode (though any other browser is able to), and our customer insists on using IE. And to tell the users "oh, just edit the line there in the window manually and reload the page will help ... or use Firefox" will not be a suitable solution.
    Regards, Rommie.

    There is a plugin called sslext which will do most of what you need.
    http://sslext.sourceforge.net/
    I think the last time I used it I made some changes to the plugin source so that I could force non-ssl to be the default behavour unless SSL was explictily stated in struts.config, but can't remember for sure. Bottom line is it will do most of what you need and can probably be modified to do the rest without too much trouble.

  • Weblogic 10 jaas and login.jsp and web.xml/weblogic.xml security constaints

    Hello,
    I struggled through and got the examples.security.jaas.SampleCallbackHandler.java and examples.common.utils.ExampleUtils.java/ExampleConstants.java into eclipse where they compile. A bean I made can call SambleCallbackHandler like such:
    mybean.logmein(username,password,url). I can then do a mybean.getStatus() or even a mybean.returnCode(). It does seem to correctly identlify that it is authenticating me (I see in stdout logs that it shows success or failures. The problem I have is I do not know how to apply this weblogic and web.xml/weblogic.xml so that if authentication works it redirects me to the page requiring the authentication. In web.xml I have the following set up:
    <security-role>
         <role-name>Admins</role-name>
    </security-role>
    <login-config>
         <auth-method>FORM</auth-method>
         <realm-name>default</realm-name>
         <form-login-config>
              <form-login-page>/login.jsp</form-login-page>
              <form-error-page>/badlogin.html</form-error-page>
         </form-login-config>
    </login-config>
    <security-constraint>
         <web-resource-collection>
              <web-resource-name>empower</web-resource-name>
              <description>These pages are only accessible by authorized users.</description>
              <url-pattern>/admin/*</url-pattern>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
         </web-resource-collection>
    <auth-constraint>
    <description>These are the roles who have access</description>
    <role-name>Administrators</role-name>
    </auth-constraint>
         <user-data-constraint>
         <description>This is how the user data must be transmitted</description>
         <transport-guarantee>NONE</transport-guarantee>
         </user-data-constraint>
    </security-constraint>
    My weblogic.xml has:
    <?xml version="1.0" encoding="UTF-8"?>
    <wls:weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/90/weblogic-web-app.xsd">
    <wls:security-role-assignment>
    <wls:role-name>Admins</wls:role-name>
    <wls:principal-name>Administrators</wls:principal-name>
    <wls:principal-name>dashap</wls:principal-name>
    </wls:security-role-assignment>
    </wls:weblogic-web-app>
    With this set up, if I try to go to a page in /admin folder in my application, it correctly pops up the login page. The jaas in the bean is doing a loginContext.login(), which I thought does authentication too, but it never goes back to the /admin page I was going to that needed the authentication. With jaas, can I not use the web.xml FORM security option? Do I Need to use j_security in the login.jsp's form's action= option and j_username and j_password for the input type names? How do I use j_username/j_password things if I am using jaas? I could just ignore using the web.xml security stuff and put something in the pages that need authentication, but it would be easier if I could use jaas with the security featurs without doing all that. Note that my code above is using a realm called default just because that was what was in the example I got from the web. Does that need to be something else?

    Hi John,
    I would like magic of course. However, in this case I want something special: my authentication provider uses special means and contents of headers, cookies and service from external identity management systems to determine the user's identity.
    I do not want the application to present the login dialog! I want to derive the identity and the fact that the user is logged in from whatever the authentication provider returns in terms of Subject.
    Ideally, the flow is something like:
    - user accesses an unprotected resource - resource is shown, no interaction with authentication provider
    - user presses a link or button that takes him/her to a protected resource
    - the authentication provider is contacted to work with the identity asserter to establish the identity of the current user and create a subject object for this user
    - the application can access the subject and principals
    - ADF Security recognizes the identity and the roles (based on the principals) and coordinates access based on this.
    the authentication method is client certificate. presumably this prompts WebLogic/OPS to use an identity asserter to work with custom headers and cookies ("... when you configure a web application to use CLIENT-CERT authentication. In this case, WebLogic can perform identity assertion based on values from request headers and cookies. If the header name or cookie name matches the active token type for the provider, the value is passed to the provider."). No login form should be presented to the user, as all information required to perform the authentication is already available.
    I am trying to understand what I must do to have the ADF application adopt the subject set by the authentication provider - if anything?!
    If you more ideas to share - I would love to hear them.
    best regards,
    Lucas

  • Security constaint in Oracle 10.1.2 - Web.xml

    hi,
    I can access my URL in both http and https .
    1) http://myURL.com
    2) https://myURL.com:4444
    But I want this logic to be contained in Web.xml where in only for some resource , I need to use https. I put the following in Web.xml ...But it is not working . As soons as i hit welcome.jsp , IE is trying to download the page to my Harddrive.( ???) .
    following is code in web.xml
    ========
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>
    test
    </web-resource-name>
    <url-pattern>/Welcome.jsp</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    ====
    what is wrong with this code ?
    PLUS I cannot access the site as https://myURL.com with out port number . I always have to append 4444 . Is there any way to autmatically add the port .
    Thanks
    Message was edited by:
    user526264

    Hi,
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    doesn't redirect to SSL but shows an http error if access is not with SSL
    Frank

  • What is Wrong with my filter and filter-mapping in web.xml?

    First, thanks all for your attention.
    I have checked the place where I should place <filter> and <filter-mapping> in web.xm. They should be after the <display-name>, before <servlet> and <servlet-mapping>.
    However, as soon as I insert the <filter> and <filter-mapping> elements in my web.xml, all my struts-bean.tld, struts-html.tld, etc. in the web.xml cannot be found at the runtime.
    Please help in identifying the problem. Thank you.
      <filter>
       <filter-name>trailFilter</filter-name>
       <filter-class>org.osjava.taglib.trail.OriginalRequestFilter</filter-class>
      </filter>
      <filter-mapping>
       <filter-name>trailFilter</filter-name>
       <url-pattern>*.do</url-pattern>
      </filter-mapping>and my web-xml is:
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE web-app
      PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
      "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
    <web-app>
      <display-name>Struts Example Application</display-name>
      <!-- Action Servlet Configuration -->
      <servlet>
        <servlet-name>action</servlet-name>
        <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
        <init-param>
          <param-name>config</param-name>
          <param-value>/WEB-INF/struts-config.xml, /WEB-INF/struts-config-registration.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
      </servlet>
      <!-- Action Servlet Mapping -->
      <servlet-mapping>
        <servlet-name>action</servlet-name>
        <url-pattern>*.do</url-pattern>
      </servlet-mapping>
      <!-- The Welcome File List -->
      <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
      </welcome-file-list>
      <!-- The default error page -->
      <error-page>
       <exception-type>java.lang.Exception</exception-type>
       <location>\Error.jsp</location>
      </error-page>
      <!-- Application Tag Library Descriptor -->
      <taglib>
        <taglib-uri>/tags/app</taglib-uri>
        <taglib-location>/WEB-INF/app.tld</taglib-location>
      </taglib>
      <!-- Struts Tag Library Descriptors -->
      <taglib>
        <taglib-uri>/tags/struts-bean</taglib-uri>
        <taglib-location>/WEB-INF/struts-bean.tld</taglib-location>
      </taglib>
      <taglib>
        <taglib-uri>/tags/struts-html</taglib-uri>
        <taglib-location>/WEB-INF/struts-html.tld</taglib-location>
      </taglib>
      <taglib>
        <taglib-uri>/tags/struts-logic</taglib-uri>
        <taglib-location>/WEB-INF/struts-logic.tld</taglib-location>
      </taglib>
      <taglib>
        <taglib-uri>/tags/struts-nested</taglib-uri>
        <taglib-location>/WEB-INF/struts-nested.tld</taglib-location>
      </taglib>
    </web-app>

    Filters were introduced in the servlet 2.3 specification (j2ee 1.3) - http://java.sun.com/products/servlet/Filters.html.
    Your web.xml constraints your web application to adhere to 2.2 standards (according to your DOCTYPE definition in your web.xml). Change it to conform to 2.3 standards
    <!DOCTYPE web-app
        PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
        "http://java.sun.com/dtd/web-app_2_3.dtd">
    <web-app>
            //your definitions
    </web-app>Note : Your container should support the 2.3 spec (Tomcat 4.0 and above does, I guess)
    ram.

Maybe you are looking for