Part of the application that I am writing involves an outside system transferring XML over HTTP Post via an action on our system ( which I then grab and store in the session. I then redirect to a secure action which forces the login page to be displayed and once authenticated, the data is processed and put into the database. I wrote a test JSP page with a simple form which simulates this and everything is fine....
However, my problem lies with the outside system passing the data through. The outside system can hit my unsecure action, grab the XML data and store it in the session but then it does not redirect to the login page or the secured process and the process just dies. I get a blank page and no error messages. If I dont set redirect to be true in the struts-config for the action, then it will hit the unsecure process and then not try and login and go straight to the secured process and then fail because we dont have a username in the session.

Everything I've found on the web concerns spelling errors, but in my case, it works for a local page, but not for an outside system.

Here is the struts-config. It first hits the /transfer action and goes to comp.transferProcess which grabs the XML I then want to forward to another action auth/transferProcess but this is secured so it should go to the login page.

<forward name="auth/transferProcess" path="/auth/" redirect="true"/>

<action path="/transfer" type="comp.transferProcess" scope="session"/>

<action path="/auth/transferProcess" name="/auth/transferProcess" type="comp.transferProcess2" scope="session"/>

In the web.xml I have set up the security-constraints to be for <url-pattern>/auth/*</url-pattern>

I am forwarding from my action via:

return actionMapping.findForward("auth/transferProcess");

The outside system can't access any other secured action or page and they all go to a blank page with no errors.

I can redirect to a non-secured page (the login screen by itself (not being redirected there)) but all the images are broken and the css is all messed up

When I view the source, its just a blank HTML

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<META http-equiv=Content-Type content="text/html; charset=windows-1252"></HEAD>

And finally, im just using HTTP, no HTTPS

btw... the outside system is on a server and im having it connect to my box here for testing purposes and im running Borland Enterprise Server 5.2.1 if that helps at all. Im scratching my head for an answer to this thing.

Any ideas or more informationi required, then please let me know as I will be most greatful.