You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Aravind Kumar <ar...@gmail.com> on 2012/04/17 14:28:00 UTC
Authentication and authorization
Hello,
I have just started to venture into Struts2 and I'm having a hard time
finding learning materials for "Authentication and authorization" concepts.
Could you please point out some resources ?
Thank you,
Aravind
Re: Authentication and authorization
Posted by Aravind Kumar <ar...@gmail.com>.
thank you :)
On Tue, Apr 17, 2012 at 9:21 PM, Chris Pratt <th...@gmail.com>wrote:
> Struts itself doesn't provide an Authentication & Authorization subsystem,
> but it will work well with Spring Security, Apache Shiro, or roll-your-own
> solutions.
> (*Chris*)
>
> On Tue, Apr 17, 2012 at 5:28 AM, Aravind Kumar <ar...@gmail.com>
> wrote:
>
> > Hello,
> >
> > I have just started to venture into Struts2 and I'm having a hard time
> > finding learning materials for "Authentication and authorization"
> concepts.
> > Could you please point out some resources ?
> >
> > Thank you,
> > Aravind
> >
>
Re: Authentication and authorization
Posted by Chris Pratt <th...@gmail.com>.
Struts itself doesn't provide an Authentication & Authorization subsystem,
but it will work well with Spring Security, Apache Shiro, or roll-your-own
solutions.
(*Chris*)
On Tue, Apr 17, 2012 at 5:28 AM, Aravind Kumar <ar...@gmail.com> wrote:
> Hello,
>
> I have just started to venture into Struts2 and I'm having a hard time
> finding learning materials for "Authentication and authorization" concepts.
> Could you please point out some resources ?
>
> Thank you,
> Aravind
>
Re: Authentication and authorization
Posted by Aravind Kumar <ar...@gmail.com>.
Thank you ! And Apache Shiro is it worth trying for authentication and
authorization ?
On Tue, Apr 17, 2012 at 6:37 PM, vEnkaTa mohAna rAo SriperumbUdUru <
mohanaraosv@gmail.com> wrote:
> http://www.javaranch.com/journal/2008/04/authentication-using-JAAS.html
>
>
> http://stackoverflow.com/questions/3649615/how-should-i-savely-store-encrypted-user-data-on-my-server-and-serve-it-only-to
>
> On Tue, Apr 17, 2012 at 5:58 PM, Aravind Kumar <ar...@gmail.com>
> wrote:
>
> > Hello,
> >
> > I have just started to venture into Struts2 and I'm having a hard time
> > finding learning materials for "Authentication and authorization"
> concepts.
> > Could you please point out some resources ?
> >
> > Thank you,
> > Aravind
> >
>
Re: Authentication and authorization
Posted by vEnkaTa mohAna rAo SriperumbUdUru <mo...@gmail.com>.
http://www.javaranch.com/journal/2008/04/authentication-using-JAAS.html
http://stackoverflow.com/questions/3649615/how-should-i-savely-store-encrypted-user-data-on-my-server-and-serve-it-only-to
On Tue, Apr 17, 2012 at 5:58 PM, Aravind Kumar <ar...@gmail.com> wrote:
> Hello,
>
> I have just started to venture into Struts2 and I'm having a hard time
> finding learning materials for "Authentication and authorization" concepts.
> Could you please point out some resources ?
>
> Thank you,
> Aravind
>
Re: Authentication and authorization
Posted by "M. Rakowski" <ma...@rakowski.biz>.
a brief explanation for basic spring-security (only authentication)
configuration with struts:
Spring security is running as a filter in your web-app
(you need to make sure that it comes first before Struts).
For the filter-configuration take a look at (2.2.1):
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html
Than you will have to provide a context file where you
define the whole configuration for Spring-security:
- <intercept-url pattern="" access=""/> : access roles for certain url
patterns
- <form-login login-page="your-struts-login-action" /> : configuration
for login
- <authentication-manager> : to provide a service for
user-authentication, like:
<authentication-manager>
<authentication-provider
user-service-ref="your-authentication-service"> [...]
The last step is the implementation of the authentication-service
(http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/userdetails/UserDetailsService.html):
UserDetails loadUserByUsername(String username)
and UserDetails-Interfaces (your User-Bean).
For all authenticated struts-actions you can get UserDetail
by accessing
SecurityContextHolder.getContext().getAuthentication().getPrincipal()
(http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/context/SecurityContextHolder.html)
I hope i could help you with this short explanation which covers only
basic usage of spring.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Authentication and authorization
Posted by Aravind Kumar <ar...@gmail.com>.
M. Rakowski,
Sorry for bothering again, How do I do that ? I searched for struts2 and
spring security integration but am not able to find any of the resources.
On Tue, Apr 17, 2012 at 11:21 PM, M. Rakowski <ma...@rakowski.biz> wrote:
> Hey,
>
> i would definitely _discourage_ you from using JAAS.
>
> IMHO go with Spring Security:
> http://static.springsource.**org/spring-security/site/<http://static.springsource.org/spring-security/site/>
>
> It is pretty easy to integrate in Struts and
> provides everything you need for both authentication and authorization.
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: user-unsubscribe@struts.**apache.org<us...@struts.apache.org>
> For additional commands, e-mail: user-help@struts.apache.org
>
>
Re: Authentication and authorization
Posted by "M. Rakowski" <ma...@rakowski.biz>.
Hey,
i would definitely _discourage_ you from using JAAS.
IMHO go with Spring Security:
http://static.springsource.org/spring-security/site/
It is pretty easy to integrate in Struts and
provides everything you need for both authentication and authorization.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org