Websphere j_security_check struts2 issue

StackOverflow https://stackoverflow.com/questions/11205610

Question

I have a web project working fine in JBOSS with form-based auth. But when i deploy the same in websphere 7 i am getting HTTP 500 error.

My web.xml

<display-name>Test</display-name>
<filter>
    <filter-name>struts2</filter-name>
    <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>*.action</url-pattern>
</filter-mapping>

<welcome-file-list>
    <welcome-file>index.html</welcome-file>
</welcome-file-list>
<listener>
    <listener-class>org.apache.tiles.web.startup.TilesListener</listener-class>
</listener>
<context-param>
    <param-name>org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG</param-name>
    <param-value>/WEB-INF/tiles.xml</param-value>
</context-param>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>test_actions</web-resource-name>
        <description></description>
        <url-pattern>*.action</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description></description>
        <role-name>testuser</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-role>
    <description></description>
    <role-name>testuser</role-name>
  </security-role>

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Default</realm-name>
    <form-login-config>
        <form-login-page>/login_form.jsp</form-login-page>
        <form-error-page>/login_error.jsp</form-error-page>
    </form-login-config>
</login-config>

index.html

<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>TEST</title>
</head>
<body onload="document.MainForm.submit();">
    <form action="welcomeAction.action" method="post" id="MainForm" name="MainForm">
</form>
</body>
</html>

I have an interceptor AuthorizationInterceptor which extends RolesInterceptor and this interceptor actually check users exsists in our DB request.getUserPrincipal().getName() is used for getting userid.So when welcomeAction.action is called it should have come to AuthorizationInterceptor,but request never reaches here.

In websphere i have enabled global security. Websphere LoginForm example works fine. Should i have to right an j_security_check filter by myself? or websphere webcontainer handle this. (In LoginForm i have seen LoginFilter code). But i believe websphere webcontainer should handle the j_security_check stuff like jboss or tomcat..

Was it helpful?

Solution

You have to create a custom form and submit to j_security_check. WebSphere does not handle this by default. Refer: http://www.redbooks.ibm.com/abstracts/tips0220.html?Open

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top