security + jboss

Discuss the bpm4struts cartridge here

Postby Mohamed » Wed 17. Aug 2005, 07:26

Hi

I have a problem with security in JBoss. When I run the web application and log in with a user, security works fine with everything except with Struts *.do (i.e. it works fine for CSS files: for example, I was able to view the CSS file I am authorized for, and when I try to access another CSS file I am not authorized for, I get a status error saying access forbidden).
But when I log in with a user who has the role employee, which is required for /Timesheets/*,
and try to access
/Timesheets/Timesheets.do
I was expecting to log in nicely, but I get status report 403 saying access forbidden.

Is there something wrong in security with the "struts servlet" in JBoss?
Is there some configuration I should do on the struts servlet?

Sorry for the long post

yours,
Mohamed Fathy
Mohamed
 
Posts: 35
Joined: Mon 18. Jul 2005, 09:30

Postby wouter.zoons » Wed 17. Aug 2005, 07:30

Which AndroMDA version are you using? Can you paste your web.xml and struts-config.xml here?

Normally speaking you do not need to configure anything specific, just the security on the server (for example the two properties files in JBoss and the conf/login-config.xml file).
Wouter Zoons - wouter [at] andromda [dot] org
http://www.andromda.org/ - http://draftdog.blogspot.com/
wouter.zoons
AndroMDA Admin
 
Posts: 4137
Joined: Fri 6. May 2005, 18:29
Location: Brussels, Belgium
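
A way to cross-check the server-side role mapping mentioned in the reply above against a web.xml constraint, as an added example that is not part of the original thread. It is a simplified model of container URL-pattern matching (HTTP methods and constraints without an auth-constraint are ignored); the user names, the roles.properties content and the function names are constructed, while /Timesheets/* and the employee role are taken from the question.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://java.sun.com/xml/ns/j2ee"}

# Constructed sample: one constraint using the pattern and role from the question.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>timesheets resources</web-resource-name>
            <url-pattern>/Timesheets/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>employee</role-name>
        </auth-constraint>
    </security-constraint>
</web-app>
"""

# Constructed roles.properties content (format: username=role1,role2).
ROLES_PROPERTIES = """\
alice=employee
bob=Employee
carol=manager
"""


def load_constraints(web_xml):
    """Return [(url_pattern, {role, ...}), ...] for every constrained pattern."""
    out = []
    for sc in ET.fromstring(web_xml).findall("w:security-constraint", NS):
        auth = sc.find("w:auth-constraint", NS)
        if auth is None:  # simplification: such constraints are skipped
            continue
        roles = {r.text.strip() for r in auth.findall("w:role-name", NS)}
        for p in sc.findall("w:web-resource-collection/w:url-pattern", NS):
            out.append((p.text.strip(), roles))
    return out


def load_roles(props):
    """Parse username=role1,role2 lines into {username: {roles}}."""
    users = {}
    for line in props.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        user, _, roles = line.partition("=")
        users[user.strip()] = {r.strip() for r in roles.split(",") if r.strip()}
    return users


def match_rank(pattern, path):
    """Rank a match: exact > longest path prefix > extension > default."""
    if pattern == path:
        return (3, len(pattern))
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))
        return None
    if pattern.startswith("*."):
        if path.rsplit("/", 1)[-1].endswith(pattern[1:]):
            return (1, 0)
        return None
    return (0, 0) if pattern == "/" else None


def required_roles(constraints, path):
    """Roles attached to the best-matching pattern, or None if unconstrained."""
    ranked = [(match_rank(p, path), roles) for p, roles in constraints]
    ranked = [(rank, roles) for rank, roles in ranked if rank is not None]
    if not ranked:
        return None
    best = max(rank for rank, _ in ranked)
    return set().union(*(roles for rank, roles in ranked if rank == best))


def check_access(user, path, web_xml=WEB_XML, props=ROLES_PROPERTIES):
    """Verdict for a context-relative path; role names compare case-sensitively."""
    needed = required_roles(load_constraints(web_xml), path)
    if needed is None:
        return "unconstrained"
    granted = load_roles(props).get(user, set())
    if granted & needed:
        return "allowed"
    near = {g for g in granted for n in needed if g.lower() == n.lower()}
    if near:
        return "denied: case mismatch " + ",".join(sorted(near))
    return "denied: missing role " + ",".join(sorted(needed))


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, check_access(user, "/Timesheets/Timesheets.do"))
```
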

Postby Mohamed » Wed 17. Aug 2005, 08:21

Hi, I am using AndroMDA 3.0

web.xml is as follows
Code:
<?xml version="1.0" encoding="UTF-8"?>

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

   

   
    <filter>
        <filter-name>ResponseOverrideFilter</filter-name>
        <filter-class>org.displaytag.filter.ResponseOverrideFilter</filter-class>
    </filter>

   
    <filter-mapping>
        <filter-name>ResponseOverrideFilter</filter-name>
        <url-pattern>*.do</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>ResponseOverrideFilter</filter-name>
        <url-pattern>*.jsp</url-pattern>
    </filter-mapping>
   
   

   
    <servlet>
        <servlet-name>action</servlet-name>
        <servlet-class>org.andromda.presentation.bpm4struts.ActionServlet</servlet-class>
        <init-param>
            <param-name>config</param-name>
            <param-value>/WEB-INF/struts-config.xml</param-value>
        </init-param>
        <init-param>
            <param-name>debug</param-name>
            <param-value>3</param-value>
        </init-param>
        <init-param>
            <param-name>detail</param-name>
            <param-value>3</param-value>
        </init-param>
        <init-param>
            <param-name>validate</param-name>
            <param-value>true</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <!-- precompilation merge-point -->
   
    <servlet-mapping>
        <servlet-name>action</servlet-name>
        <url-pattern>*.do</url-pattern>
    </servlet-mapping>
   
    <!-- session-config merge-point -->
   
   

    <welcome-file-list>
       
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
   
   
    <!-- taglib merge-point -->
    <!-- resource-ref merge-point -->

   
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>timesheets resources</web-resource-name>
            <description>
                This collection bundles all pages and resources
                as well as the actions called in the "timesheets" use-case
            </description>
            <url-pattern>/timesheet/controllers/timesheets/*</url-pattern>
            <url-pattern>/Timesheets/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>employee</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>project manager approval resources</web-resource-name>
            <description>
                This collection bundles all pages and resources
                as well as the actions called in the "project manager approval" use-case
            </description>
            <url-pattern>/timesheet/controllers/projectmanagerapproval/*</url-pattern>
            <url-pattern>/ProjectManagerApproval/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>projectManager</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>allocations resources</web-resource-name>
            <description>
                This collection bundles all pages and resources
                as well as the actions called in the "allocations" use-case
            </description>
            <url-pattern>/timesheet/controllers/allocations/*</url-pattern>
            <url-pattern>/Allocations/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>resourceManager</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>projects resources</web-resource-name>
            <description>
                This collection bundles all pages and resources
                as well as the actions called in the "projects" use-case
            </description>
            <url-pattern>/timesheet/controllers/projects/*</url-pattern>
            <url-pattern>/Projects/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>operationManager</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>reports resources</web-resource-name>
            <description>
                This collection bundles all pages and resources
                as well as the actions called in the "reports" use-case
            </description>
            <url-pattern>/timesheet/controllers/reports/*</url-pattern>
            <url-pattern>/Reports/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>manager</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>operation manager approval resources</web-resource-name>
            <description>
                This collection bundles all pages and resources
                as well as the actions called in the "operation manager approval" use-case
            </description>
            <url-pattern>/timesheet/controllers/operationmanagerapproval/*</url-pattern>
            <url-pattern>/OperationManagerApproval/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>operationManager</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>timesheet</realm-name>
        <form-login-config>
            <form-login-page>/login/login-form.jsp</form-login-page>
            <form-error-page>/login/login-form.jsp?action=error</form-error-page>
        </form-login-config>
    </login-config>

   
    <security-role>
        <role-name>manager</role-name>
    </security-role>
    <security-role>
        <role-name>projectManager</role-name>
    </security-role>
    <security-role>
        <role-name>operationManager</role-name>
    </security-role>
    <security-role>
        <role-name>employee</role-name>
    </security-role>
    <security-role>
        <role-name>resourceManager</role-name>
    </security-role>

</web-app>


and my struts-config.xml is as follows
Code:
<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE struts-config PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 1.2//EN"
    "http://jakarta.apache.org/struts/dtds/struts-config_1_2.dtd">

<struts-config>

    <!-- display-name merge point -->

    <!-- description merge point -->

    <data-sources>
        <!-- data-sources merge point -->
    </data-sources>

    <form-beans>
        <!-- form-beans merge-point -->
        <form-bean
            name="timesheetsWeeksProceedForm"
            type="timesheet.controllers.timesheets.WeeksProceedFormImpl" />
        <form-bean
            name="timesheetsWeekEntriesRemoveForm"
            type="timesheet.controllers.timesheets.WeekEntriesRemoveFormImpl" />
        <form-bean
            name="timesheetsTimesheetsForm"
            type="timesheet.controllers.timesheets.TimesheetsFormImpl" />
        <form-bean
            name="timesheetsWeekEntriesAddEntryForm"
            type="timesheet.controllers.timesheets.WeekEntriesAddEntryFormImpl" />
        <form-bean
            name="timesheetsWeekEntriesSaveEntriesForm"
            type="timesheet.controllers.timesheets.WeekEntriesSaveEntriesFormImpl" />
        <form-bean
            name="projectManagerApprovalViewWeekEntriesApproveWeekForm"
            type="timesheet.controllers.projectmanagerapproval.ViewWeekEntriesApproveWeekFormImpl" />
        <form-bean
            name="projectManagerApprovalEmployeesProceedForm"
            type="timesheet.controllers.projectmanagerapproval.EmployeesProceedFormImpl" />
        <form-bean
            name="projectManagerApprovalProjectsProceedForm"
            type="timesheet.controllers.projectmanagerapproval.ProjectsProceedFormImpl" />
        <form-bean
            name="projectManagerApprovalProjectManagerApprovalForm"
            type="timesheet.controllers.projectmanagerapproval.ProjectManagerApprovalFormImpl" />
        <form-bean
            name="projectManagerApprovalWeeksProceedForm"
            type="timesheet.controllers.projectmanagerapproval.WeeksProceedFormImpl" />
        <form-bean
            name="projectManagerApprovalViewWeekEntriesNothingForm"
            type="timesheet.controllers.projectmanagerapproval.ViewWeekEntriesNothingFormImpl" />
        <form-bean
            name="allocationsViewAllocationsAddAllocationForm"
            type="timesheet.controllers.allocations.ViewAllocationsAddAllocationFormImpl" />
        <form-bean
            name="allocationsViewAllocationsNothingForm"
            type="timesheet.controllers.allocations.ViewAllocationsNothingFormImpl" />
        <form-bean
            name="allocationsAllocationsForm"
            type="timesheet.controllers.allocations.AllocationsFormImpl" />
        <form-bean
            name="projectsManageProjectsEditForm"
            type="timesheet.controllers.projects.ManageProjectsEditFormImpl" />
        <form-bean
            name="projectsProjectsForm"
            type="timesheet.controllers.projects.ProjectsFormImpl" />
        <form-bean
            name="projectsEditProjectFormEditProjectForm"
            type="timesheet.controllers.projects.EditProjectFormEditProjectFormImpl" />
        <form-bean
            name="projectsManageProjectsAddProjectForm"
            type="timesheet.controllers.projects.ManageProjectsAddProjectFormImpl" />
        <form-bean
            name="reportsChooseReportPayrollForm"
            type="timesheet.controllers.reports.ChooseReportPayrollFormImpl" />
        <form-bean
            name="reportsReportsForm"
            type="timesheet.controllers.reports.ReportsFormImpl" />
        <form-bean
            name="reportsChooseReportBillingForm"
            type="timesheet.controllers.reports.ChooseReportBillingFormImpl" />
        <form-bean
            name="operationManagerApprovalViewEntriesApproveWeekForm"
            type="timesheet.controllers.operationmanagerapproval.ViewEntriesApproveWeekFormImpl" />
        <form-bean
            name="operationManagerApprovalOperationManagerApprovalForm"
            type="timesheet.controllers.operationmanagerapproval.OperationManagerApprovalFormImpl" />
        <form-bean
            name="operationManagerApprovalEmployeesProceedForm"
            type="timesheet.controllers.operationmanagerapproval.EmployeesProceedFormImpl" />
        <form-bean
            name="operationManagerApprovalWeeksProceedForm"
            type="timesheet.controllers.operationmanagerapproval.WeeksProceedFormImpl" />
        <form-bean
            name="operationManagerApprovalViewEntriesNothingForm"
            type="timesheet.controllers.operationmanagerapproval.ViewEntriesNothingFormImpl" />
    </form-beans>

    <global-exceptions>
        <!-- global-exceptions merge point -->
    </global-exceptions>

    <global-forwards>
       
        <forward
            name="timesheets"
            path="/Timesheets/Timesheets.do"
            redirect="false" />
        <forward
            name="project.manager.approval"
            path="/ProjectManagerApproval/ProjectManagerApproval.do"
            redirect="false" />
        <forward
            name="allocations"
            path="/Allocations/Allocations.do"
            redirect="false" />
        <forward
            name="projects"
            path="/Projects/Projects.do"
            redirect="false" />
        <forward
            name="reports"
            path="/Reports/Reports.do"
            redirect="false" />
        <forward
            name="operation.manager.approval"
            path="/OperationManagerApproval/OperationManagerApproval.do"
            redirect="false" />
    </global-forwards>

    <action-mappings>
        <!-- action-mappings merge-point -->
        <action
            path="/Timesheets/WeeksProceed"
            type="timesheet.controllers.timesheets.WeeksProceed"
            name="timesheetsWeeksProceedForm"
            scope="request"
            input="/timesheet/controllers/timesheets/weeks.jsp"
            unknown="false"
            validate="false">
            <exception
                type="java.lang.Exception"
                key="timesheets.weeks.proceed.exception"
                path="/timesheet/controllers/timesheets/weeks.jsp"
                scope="request" />
            <forward
                name="week.entries"
                path="/timesheet/controllers/timesheets/week-entries.jsp"
                redirect="false" />
        </action>
        <action
            path="/Timesheets/WeekEntriesRemove"
            type="timesheet.controllers.timesheets.WeekEntriesRemove"
            name="timesheetsWeekEntriesRemoveForm"
            scope="request"
            input="/timesheet/controllers/timesheets/week-entries.jsp"
            unknown="false"
            validate="true">
            <exception
                type="java.lang.Exception"
                key="timesheets.week.entries.remove.exception"
                path="/timesheet/controllers/timesheets/week-entries.jsp"
                scope="request" />
            <forward
                name="week.entries"
                path="/timesheet/controllers/timesheets/week-entries.jsp"
                redirect="false" />
        </action>
        <action
            path="/Timesheets/Timesheets"
            type="timesheet.controllers.timesheets.Timesheets"
            name="timesheetsTimesheetsForm"
            roles="employee"
            scope="request"
            unknown="false"
            validate="false">
            <forward
                name="weeks"
                path="/timesheet/controllers/timesheets/weeks.jsp"
                redirect="false" />
        </action>
        <action
            path="/Timesheets/WeekEntriesAddEntry"
            type="timesheet.controllers.timesheets.WeekEntriesAddEntry"
            name="timesheetsWeekEntriesAddEntryForm"
            scope="request"
            input="/timesheet/controllers/timesheets/week-entries.jsp"
            unknown="false"
            validate="false">
            <exception
                type="java.lang.Exception"
                key="timesheets.week.entries.add.entry.exception"
                path="/timesheet/controllers/timesheets/week-entries.jsp"
                scope="request" />
            <forward
                name="week.entries"
                path="/timesheet/controllers/timesheets/week-entries.jsp"
                redirect="false" />
        </action>
        <action
            path="/Timesheets/WeekEntriesSaveEntries"
            type="timesheet.controllers.timesheets.WeekEntriesSaveEntries"
            name="timesheetsWeekEntriesSaveEntriesForm"
            scope="request"
            input="/timesheet/controllers/timesheets/week-entries.jsp"
            unknown="false"
            validate="false">
            <exception
                type="java.lang.Exception"
                key="timesheets.week.entries.save.entries.exception"
                path="/timesheet/controllers/timesheets/week-entries.jsp"
                scope="request" />
            <forward
                name="weeks"
                path="/timesheet/controllers/timesheets/weeks.jsp"
                redirect="false" />
        </action>
        <action
            path="/ProjectManagerApproval/ViewWeekEntriesApproveWeek"
            type="timesheet.controllers.projectmanagerapproval.ViewWeekEntriesApproveWeek"
            name="projectManagerApprovalViewWeekEntriesApproveWeekForm"
            scope="request"
            input="/timesheet/controllers/projectmanagerapproval/view-week-entries.jsp"
            unknown="false"
            validate="false">
            <exception
                type="java.lang.Exception"
                key="project.manager.approval.view.week.entries.approve.week.exception"
                path="/timesheet/controllers/projectmanagerapproval/view-week-entries.jsp"
                scope="request" />
            <forward
                name="projects"
                path="/timesheet/controllers/projectmanagerapproval/projects.jsp"
                redirect="false" />
        </action>
        <action
            path="/ProjectManagerApproval/EmployeesProceed"
            type="timesheet.controllers.projectmanagerapproval.EmployeesProceed"
            name="projectManagerApprovalEmployeesProceedForm"
            scope="request"
            input="/timesheet/controllers/projectmanagerapproval/employees.jsp"
            unknown="false"
            validate="false">
            <exception
                type="java.lang.Exception"
                key="project.manager.approval.employees.proceed.exception"
                path="/timesheet/controllers/projectmanagerapproval/employees.jsp"
                scope="request" />
            <forward
                name="weeks"
                path="/timesheet/controllers/projectmanagerapproval/weeks.jsp"
                redirect="false" />
        </action>
        <action
            path="/ProjectManagerApproval/ProjectsProceed"
            type="timesheet.controllers.projectmanagerapproval.ProjectsProceed"
            name="projectManagerApprovalProjectsProceedForm"
            scope="request"
            input="/timesheet/controllers/projectmanagerapproval/projects.jsp"
            unknown="false"
            validate="false">
            <exception
                type="java.lang.Exception"
                key="project.manager.approval.projects.proceed.exception"
                path="/timesheet/controllers/projectmanagerapproval/projects.jsp"
                scope="request" />
            <forward
                name="employees"
                path="/timesheet/controllers/projectmanagerapproval/employees.jsp"
                redirect="false" />
        </action>
        <action
            path="/ProjectManagerApproval/ProjectManagerApproval"
            type="timesheet.controllers.projectmanagerapproval.ProjectManagerApproval"
            name="projectManagerApprovalProjectManagerApprovalForm"
            roles="projectManager"
            scope="request"
            unknown="false"
            validate="false">
            <forward
                name="projects"
                path="/timesheet/controllers/projectmanagerapproval/projects.jsp"
                redirect="false" />
        </action>
        <action
            path="/ProjectManagerApproval/WeeksProceed"
            type="timesheet.controllers.projectmanagerapproval.WeeksProceed"
            name="projectManagerApprovalWeeksProceedForm"
            scope="request"
            input="/timesheet/controllers/projectmanagerapproval/weeks.jsp"
            unknown="false"
            validate="false">
            <exception
                type="java.lang.Exception"
                key="project.manager.approval.weeks.proceed.exception"
                path="/timesheet/controllers/projectmanagerapproval/weeks.jsp"
                scope="request" />
            <forward
                name="view.week.entries"
                path="/timesheet/controllers/projectmanagerapproval/view-week-entries.jsp"
                redirect="false" />
        </action>
        <action
            path="/ProjectManagerApproval/ViewWeekEntriesNothing"
            type="timesheet.controllers.projectmanagerapproval.ViewWeekEntriesNothing"
            name="projectManagerApprovalViewWeekEntriesNothingForm"
            scope="request"
            input="/timesheet/controllers/projectmanagerapproval/view-week-entries.jsp"
            unknown="false"
            validate="true">
            <exception
                type="java.lang.Exception"
                key="project.manager.approval.view.week.entries.nothing.exception"
                path="/timesheet/controllers/projectmanagerapproval/view-week-entries.jsp"
                scope="request" />
            <forward
                name="projects"
                path="/timesheet/controllers/projectmanagerapproval/projects.jsp"
                redirect="false" />
        </action>
        <action
            path="/Allocations/ViewAllocationsAddAllocation"
            type="timesheet.controllers.allocations.ViewAllocationsAddAllocation"
            name="allocationsViewAllocationsAddAllocationForm"
            scope="request"
            input="/timesheet/controllers/allocations/view-allocations.jsp"
            unknown="false"
            validate="false">
            <exception
                type="java.lang.Exception"
                key="allocations.view.allocations.add.allocation.exception"
                path="/timesheet/controllers/allocations/view-allocations.jsp"
                scope="request" />
            <forward
                name="view.allocations"
                path="/timesheet/controllers/allocations/view-allocations.jsp"
                redirect="false" />
        </action>
        <action
            path="/Allocations/ViewAllocationsNothing"
            type="timesheet.controllers.allocations.ViewAllocationsNothing"
            name="allocationsViewAllocationsNothingForm"
            scope="request"
            input="/timesheet/controllers/allocations/view-allocations.jsp"
            unknown="false"
            validate="false">
            <exception
                type="java.lang.Exception"
                key="allocations.view.allocations.nothing.exception"
                path="/timesheet/controllers/allocations/view-allocations.jsp"
                scope="request" />
            <forward
                name="view.allocations"
                path="/timesheet/controllers/allocations/view-allocations.jsp"
                redirect="false" />
        </action>
        <action
            path="/Allocations/Allocations"
            type="timesheet.controllers.allocations.Allocations"
            name="allocationsAllocationsForm"
            roles="resourceManager"
            scope="request"
            unknown="false"
            validate="false">
            <forward
                name="view.allocations"
                path="/timesheet/controllers/allocations/view-allocations.jsp"
                redirect="false" />
        </action>
        <action
            path="/Projects/ManageProjectsEdit"
            type="timesheet.controllers.projects.ManageProjectsEdit"
            name="projectsManageProjectsEditForm"
            scope="request"
            input="/timesheet/controllers/projects/manage-projects.jsp"
            unknown="false"
            validate="false">
            <exception
                type="java.lang.Exception"
                key="projects.manage.projects.edit.exception"
                path="/timesheet/controllers/projects/manage-projects.jsp"
                scope="request" />
            <forward
                name="edit.project.form"
                path="/timesheet/controllers/projects/edit-project-form.jsp"
                redirect="false" />
        </action>
        <action
            path="/Projects/Projects"
            type="timesheet.controllers.projects.Projects"
            name="projectsProjectsForm"
            roles="operationManager"
            scope="request"
            unknown="false"
            validate="false">
            <forward
                name="manage.projects"
                path="/timesheet/controllers/projects/manage-projects.jsp"
                redirect="false" />
        </action>
        <action
            path="/Projects/EditProjectFormEditProject"
            type="timesheet.controllers.projects.EditProjectFormEditProject"
            name="projectsEditProjectFormEditProjectForm"
            scope="request"
            input="/timesheet/controllers/projects/edit-project-form.jsp"
            unknown="false"
            validate="true">
            <exception
                type="java.lang.Exception"
                key="projects.edit.project.form.edit.project.exception"
                path="/timesheet/controllers/projects/edit-project-form.jsp"
                scope="request" />
            <forward
                name="manage.projects"
                path="/timesheet/controllers/projects/manage-projects.jsp"
                redirect="false" />
        </action>
        <action
            path="/Projects/ManageProjectsAddProject"
            type="timesheet.controllers.projects.ManageProjectsAddProject"
            name="projectsManageProjectsAddProjectForm"
            scope="request"
            input="/timesheet/controllers/projects/manage-projects.jsp"
            unknown="false"
            validate="true">
            <exception
                type="java.lang.Exception"
                key="projects.manage.projects.add.project.exception"
                path="/timesheet/controllers/projects/manage-projects.jsp"
                scope="request" />
            <forward
                name="manage.projects"
                path="/timesheet/controllers/projects/manage-projects.jsp"
                redirect="false" />
        </action>
        <action
            path="/Reports/ChooseReportPayroll"
            type="timesheet.controllers.reports.ChooseReportPayroll"
            name="reportsChooseReportPayrollForm"
            scope="request"
            input="/timesheet/controllers/reports/choose-report.jsp"
            unknown="false"
            validate="true">
            <exception
                type="java.lang.Exception"
                key="reports.choose.report.payroll.exception"
                path="/timesheet/controllers/reports/choose-report.jsp"
                scope="request" />
        </action>
        <action
            path="/Reports/Reports"
            type="timesheet.controllers.reports.Reports"
            name="reportsReportsForm"
            roles="manager"
            scope="request"
            unknown="false"
            validate="false">
            <forward
                name="choose.report"
                path="/timesheet/controllers/reports/choose-report.jsp"
                redirect="false" />
        </action>
        <action
            path="/Reports/ChooseReportBilling"
            type="timesheet.controllers.reports.ChooseReportBilling"
            name="reportsChooseReportBillingForm"
            scope="request"
            input="/timesheet/controllers/reports/choose-report.jsp"
            unknown="false"
            validate="true">
            <exception
                type="java.lang.Exception"
                key="reports.choose.report.billing.exception"
                path="/timesheet/controllers/reports/choose-report.jsp"
                scope="request" />
        </action>
        <action
            path="/OperationManagerApproval/ViewEntriesApproveWeek"
            type="timesheet.controllers.operationmanagerapproval.ViewEntriesApproveWeek"
            name="operationManagerApprovalViewEntriesApproveWeekForm"
            scope="request"
            input="/timesheet/controllers/operationmanagerapproval/view-entries.jsp"
            unknown="false"
            validate="false">
            <exception
                type="java.lang.Exception"
                key="operation.manager.approval.view.entries.approve.week.exception"
                path="/timesheet/controllers/operationmanagerapproval/view-entries.jsp"
                scope="request" />
            <forward
                name="employees"
                path="/timesheet/controllers/operationmanagerapproval/employees.jsp"
                redirect="false" />
        </action>
        <action
            path="/OperationManagerApproval/OperationManagerApproval"
            type="timesheet.controllers.operationmanagerapproval.OperationManagerApproval"
            name="operationManagerApprovalOperationManagerApprovalForm"
            roles="operationManager"
            scope="request"
            unknown="false"
            validate="false">
            <forward
                name="employees"
                path="/timesheet/controllers/operationmanagerapproval/employees.jsp"
                redirect="false" />
        </action>
        <action
            path="/OperationManagerApproval/EmployeesProceed"
            type="timesheet.controllers.operationmanagerapproval.EmployeesProceed"
            name="operationManagerApprovalEmployeesProceedForm"
            scope="request"
            input="/timesheet/controllers/operationmanagerapproval/employees.jsp"
            unknown="false"
            validate="false">
            <exception
                type="java.lang.Exception"
                key="operation.manager.approval.employees.proceed.exception"
                path="/timesheet/controllers/operationmanagerapproval/employees.jsp"
                scope="request" />
            <forward
                name="weeks"
                path="/timesheet/controllers/operationmanagerapproval/weeks.jsp"
                redirect="false" />
        </action>
        <action
            path="/OperationManagerApproval/WeeksProceed"
            type="timesheet.controllers.operationmanagerapproval.WeeksProceed"
            name="operationManagerApprovalWeeksProceedForm"
            scope="request"
            input="/timesheet/controllers/operationmanagerapproval/weeks.jsp"
            unknown="false"
            validate="false">
            <exception
                type="java.lang.Exception"
                key="operation.manager.approval.weeks.proceed.exception"
                path="/timesheet/controllers/operationmanagerapproval/weeks.jsp"
                scope="request" />
            <forward
                name="view.entries"
                path="/timesheet/controllers/operationmanagerapproval/view-entries.jsp"
                redirect="false" />
        </action>
        <action
            path="/OperationManagerApproval/ViewEntriesNothing"
            type="timesheet.controllers.operationmanagerapproval.ViewEntriesNothing"
            name="operationManagerApprovalViewEntriesNothingForm"
            scope="request"
            input="/timesheet/controllers/operationmanagerapproval/view-entries.jsp"
            unknown="false"
            validate="true">
            <exception
                type="java.lang.Exception"
                key="operation.manager.approval.view.entries.nothing.exception"
                path="/timesheet/controllers/operationmanagerapproval/view-entries.jsp"
                scope="request" />
            <forward
                name="employees"
                path="/timesheet/controllers/operationmanagerapproval/employees.jsp"
                redirect="false" />
        </action>
    </action-mappings>

    <!-- controller merge point -->

    <!-- message-resources merge-point -->
    <message-resources parameter="application-resources" null="false"/>

    <!-- plug-in merge-point -->
    <plug-in className="org.apache.struts.validator.ValidatorPlugIn">
        <set-property property="pathnames" value="/WEB-INF/validation.xml,/WEB-INF/validator-rules.xml"/>
        <set-property property="stopOnFirstError" value="false"/>
    </plug-in>

    <plug-in className="org.apache.struts.tiles.TilesPlugin">
        <set-property property="definitions-config" value="/WEB-INF/tiles-defs.xml"/>
        <set-property property="definitions-parser-validate" value="true"/>
        <set-property property="moduleAware" value="true"/>
    </plug-in>

  <!--
    <plug-in className="net.sf.navigator.menu.MenuPlugIn">
        <set-property property="menuConfig" value="/WEB-INF/menu-config.xml"/>
    </plug-in>
  -->
 
</struts-config>


I am using simple user.properties and roles.properties files

I was browsing the generated web.xml, I suspect two things
1- the struts servlet tries to access a resource that is outside the roles of the currently logged in user (but I doubt this)
2- the ResponseOverrideFilter does this (maybe)
Mohamed
 
Posts: 35
Joined: Mon 18. Jul 2005, 09:30

Postby wouter.zoons » Wed 17. Aug 2005, 08:34

there must be something wrong with your roles.properties and user.properties, are you sure they are properly picked up by JBoss ?

can you check and make sure your logged in user principal has the proper roles ?
Wouter Zoons - wouter [at] andromda [dot] org
http://www.andromda.org/ - http://draftdog.blogspot.com/
wouter.zoons
AndroMDA Admin
 
Posts: 4137
Joined: Fri 6. May 2005, 18:29
Location: Brussels, Belgium

Postby Mohamed » Wed 17. Aug 2005, 08:47

sorry I clicked submit I didn't mean it

my user.properties is as follows
Code:
employee=employee
projectManager=projectManager
operationManager=operationManager
resourceManager=resourceManager
manager=manager

and my roles.properties is as follows
Code:
employee=employee
projectManager=projectManager
operationManager=operationManager
resourceManager=resourceManager
manager=manager


I logged in with UN=manager and PW=manger who has the role=manager
manager is the only one who can view reports

I tried to view the /timesheet/controller/ URL pattern

and I have a page showing the following directory structure

allocations/ Wed, 17 Aug 2005 10:32:26 GMT
operationmanagerapproval/ Wed, 17 Aug 2005 10:32:26 GMT
projectmanagerapproval/ Wed, 17 Aug 2005 10:32:26 GMT
projects/ Wed, 17 Aug 2005 10:32:26 GMT
reports/ Wed, 17 Aug 2005 10:32:26 GMT


when I click any of them except reports I have a status error page

when I click reports I proceed to see the directory structure of the reports folder

So I think security works fine except when struts gets in the way


Mohamed
 
Posts: 35
Joined: Mon 18. Jul 2005, 09:30
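
The check asked for above (does the logged-in principal hold a role the action requires) can be done offline. This is an added example, not code from the thread or from AndroMDA: it cross-checks the `roles` attribute of each Struts action against roles.properties, assuming the `username=role1,role2` format; the XML sample is constructed and `/Reports/Reports` is a hypothetical path.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the posted struts-config.xml; /Reports/Reports is hypothetical.
STRUTS_CONFIG = """<struts-config><action-mappings>
  <action path="/OperationManagerApproval/OperationManagerApproval" roles="operationManager"/>
  <action path="/OperationManagerApproval/EmployeesProceed"/>
  <action path="/Reports/Reports" roles="manager, operationManager"/>
</action-mappings></struts-config>"""
# roles.properties as posted; assumed format is username=role1,role2
ROLES_PROPERTIES = """employee=employee
projectManager=projectManager
operationManager=operationManager
resourceManager=resourceManager
manager=manager
"""

def parse_roles_properties(text):
    """Return {username: set of roles}, skipping blank and comment lines."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        user, roles = line.split("=", 1)
        users[user.strip()] = {r.strip() for r in roles.split(",") if r.strip()}
    return users

def parse_action_roles(xml_text):
    """Return {action path: set of roles}; an empty set means no roles attribute."""
    actions = {}
    for action in ET.fromstring(xml_text).iter("action"):
        raw = action.get("roles", "")
        actions[action.get("path")] = {r.strip() for r in raw.split(",") if r.strip()}
    return actions

def audit(xml_text, props_text):
    """Map each action path to (status, users allowed by Struts, roles no user holds)."""
    users = parse_roles_properties(props_text)
    known = set().union(*users.values())
    report = {}
    for path, required in parse_action_roles(xml_text).items():
        if not required:  # no Struts role check; only web.xml constraints apply
            report[path] = ("unrestricted", None, [])
        else:
            allowed = sorted(u for u, held in users.items() if held & required)
            report[path] = ("ok" if allowed else "nobody", allowed, sorted(required - known))
    return report

if __name__ == "__main__":
    print(audit(STRUTS_CONFIG, ROLES_PROPERTIES))
```

A status of `nobody` points at a role name that no entry in roles.properties grants; `unrestricted` marks actions that rely on the web.xml security constraints alone.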

Postby Mohamed » Wed 17. Aug 2005, 08:49

never mind about the sorry, I didn't mean it, I thought I clicked submit before finishing
Mohamed
 
Posts: 35
Joined: Mon 18. Jul 2005, 09:30

Postby wouter.zoons » Wed 17. Aug 2005, 08:57

are you using Tomcat 5.0 (JBoss 4.0.1) or 5.5 (JBoss 4.0.2) ?

to disable directory listings you should add this to your web.xml:

Code:
        <init-param>
            <param-name>listings</param-name>
            <param-value>false</param-value>
        </init-param>


this is set by default in the latest versions, for security related features I recommend using the latest bpm4struts version, upgrade your AndroMDA to 3.1-RC1-SNAPSHOT if you can

many improvements concerning security have been implemented: error pages, JSP security, etc...
Wouter Zoons - wouter [at] andromda [dot] org
http://www.andromda.org/ - http://draftdog.blogspot.com/
wouter.zoons
AndroMDA Admin
 
Posts: 4137
Joined: Fri 6. May 2005, 18:29
Location: Brussels, Belgium

Postby Mohamed » Wed 17. Aug 2005, 09:52

I am using JBoss 3.2

ok I will use the newer version of everything JBoss, AndroMDA, ...etc
And see if this solves the problem

thank you
you really are the dynamo of this forum
I've seen a lot of forums but not as active as this

yours
Mohamed Fathy
Mohamed
 
Posts: 35
Joined: Mon 18. Jul 2005, 09:30

Postby wouter.zoons » Wed 17. Aug 2005, 10:00

thanks for the kind words :-)

if you upgrade to a newer AndroMDA version then don't forget to also update your model's XMI

do a simple search & replace: 3.0 --> 3.1-RC1-SNAPSHOT

unfortunately this is needed since the XMI seems to reference elements from the profile using the filename in combination with the XMI id
Wouter Zoons - wouter [at] andromda [dot] org
http://www.andromda.org/ - http://draftdog.blogspot.com/
wouter.zoons
AndroMDA Admin
 
Posts: 4137
Joined: Fri 6. May 2005, 18:29
Location: Brussels, Belgium

Postby Mohamed » Thu 18. Aug 2005, 09:56

I've upgraded JBoss and AndroMDA and did the find&replace stuff

And security now is working fine but I have the following problems:

1- tagged value names changed so I will have to change tagged values in the whole model
2- something very annoying happens when building the model using Maven:
it attempts to download the following every time.
The first time after upgrading it downloaded them successfully, but now it does the following every time, which takes a lot of time
Code:
Attempting to download andromda-profile-3.1-RC1-SNAPSHOT.xml.zip.
Attempting to download andromda-profile-datatype-3.1-RC1-SNAPSHOT.xml.zip.
Attempting to download andromda-profile-webservice-3.1-RC1-SNAPSHOT.xml.zip.
Attempting to download andromda-profile-service-3.1-RC1-SNAPSHOT.xml.zip.
Attempting to download andromda-profile-process-3.1-RC1-SNAPSHOT.xml.zip.
Attempting to download andromda-profile-meta-3.1-RC1-SNAPSHOT.xml.zip.
Attempting to download andromda-profile-xml-3.1-RC1-SNAPSHOT.xml.zip.
Attempting to download andromda-profile-persistence-3.1-RC1-SNAPSHOT.xml.zip.
Attempting to download andromda-profile-presentation-3.1-RC1-SNAPSHOT.xml.zip.
Attempting to download maven-andromda-plugin-3.1-RC1-SNAPSHOT.jar.
Attempting to download andromda-hibernate-cartridge-3.1-RC1-SNAPSHOT.jar.
Attempting to download andromda-jbpm-cartridge-3.1-RC1-SNAPSHOT.jar.
Attempting to download andromda-webservice-cartridge-3.1-RC1-SNAPSHOT.jar.
Attempting to download andromda-java-cartridge-3.1-RC1-SNAPSHOT.jar.
Attempting to download andromda-bpm4struts-cartridge-3.1-RC1-SNAPSHOT.jar.
Attempting to download andromda-ocl-validation-library-3.1-RC1-SNAPSHOT.jar.
Attempting to download andromda-ocl-query-library-3.1-RC1-SNAPSHOT.jar.

multiproject:goal:
build:start:

multiproject:install-callback:
    [echo] Running pom:install for timesheet MDA
Attempting to download andromda-core-3.1-RC1-SNAPSHOT.jar.
Attempting to download andromda-utils-3.1-RC1-SNAPSHOT.jar.
Attempting to download andromda-ant-task-3.1-RC1-SNAPSHOT.jar.
Attempting to download andromda-metafacades-uml-3.1-RC1-SNAPSHOT.jar.
Attempting to download andromda-metafacades-uml14-3.1-RC1-SNAPSHOT.jar.
Attempting to download andromda-repository-mdr-3.1-RC1-SNAPSHOT.jar.
Attempting to download andromda-templateengine-velocity-3.1-RC1-SNAPSHOT.jar.
Attempting to download andromda-ocl-translation-core-3.1-RC1-SNAPSHOT.jar.
Attempting to download andromda-ocl-validation-library-3.1-RC1-SNAPSHOT.jar.
Attempting to download andromda-maven-core-3.1-RC1-SNAPSHOT.jar.
Attempting to download andromda-schema2xmi-3.1-RC1-SNAPSHOT.jar.
Mohamed
 
Posts: 35
Joined: Mon 18. Jul 2005, 09:30

Postby wouter.zoons » Thu 18. Aug 2005, 10:10

1. no need to update any tagged values, MagicDraw will do this for you if you just open & save your model

2. that's because those snapshots on the server are updated daily, use the -o flag on the command line to tell maven to stay offline
Wouter Zoons - wouter [at] andromda [dot] org
http://www.andromda.org/ - http://draftdog.blogspot.com/
wouter.zoons
AndroMDA Admin
 
Posts: 4137
Joined: Fri 6. May 2005, 18:29
Location: Brussels, Belgium

Postby Mohamed » Thu 18. Aug 2005, 10:10

also I can't find

the tagged value

@andromda.presentation.view.table.columns=property1,property2,...,propertyN
Mohamed
 
Posts: 35
Joined: Mon 18. Jul 2005, 09:30

Postby Mohamed » Thu 18. Aug 2005, 10:14

Sorry I found the tag
@andromda.presentation.view.table.columns=property1,property2,...,propertyN
I was looking in the wrong place

but I did open the model and saved it, but the tagged value changed, I don't know why
Mohamed
 
Posts: 35
Joined: Mon 18. Jul 2005, 09:30

Postby wouter.zoons » Thu 18. Aug 2005, 10:15

is your model properly importing the profile for version 3.1-RC1-SNAPSHOT ? which profile are you using ?
Wouter Zoons - wouter [at] andromda [dot] org
http://www.andromda.org/ - http://draftdog.blogspot.com/
wouter.zoons
AndroMDA Admin
 
Posts: 4137
Joined: Fri 6. May 2005, 18:29
Location: Brussels, Belgium

Postby Mohamed » Thu 18. Aug 2005, 10:53

yes, when opening it imports the 3.1-RC1-SNAPSHOT profiles

Anyway it's not a big deal. My model is not so huge. I will correct the tagged values by hand.

thanks for helping,
yours,
Mohamed
Mohamed
 
Posts: 35
Joined: Mon 18. Jul 2005, 09:30

