Authentication and authorization

[Aravind Kumar <ar...@gmail.com>]

Hello,

I have just started to venture into Struts2 and I'm having a hard time
finding learning materials for "Authentication and authorization" concepts.
Could you please point out some resources ?

Thank you,
Aravind

Re: Authentication and authorization

[Aravind Kumar <ar...@gmail.com>]

thank you :)

On Tue, Apr 17, 2012 at 9:21 PM, Chris Pratt <th...@gmail.com>wrote:

> Struts itself doesn't provide an Authentication & Authorization subsystem,
> but it will work well with Spring Security, Apache Shiro, or roll-your-own
> solutions.
>   (*Chris*)
>
> On Tue, Apr 17, 2012 at 5:28 AM, Aravind Kumar <ar...@gmail.com>
> wrote:
>
> > Hello,
> >
> > I have just started to venture into Struts2 and I'm having a hard time
> > finding learning materials for "Authentication and authorization"
> concepts.
> > Could you please point out some resources ?
> >
> > Thank you,
> > Aravind
> >
>

Re: Authentication and authorization

[Chris Pratt <th...@gmail.com>]

Struts itself doesn't provide an Authentication & Authorization subsystem,
but it will work well with Spring Security, Apache Shiro, or roll-your-own
solutions.
  (*Chris*)

On Tue, Apr 17, 2012 at 5:28 AM, Aravind Kumar <ar...@gmail.com> wrote:

> Hello,
>
> I have just started to venture into Struts2 and I'm having a hard time
> finding learning materials for "Authentication and authorization" concepts.
> Could you please point out some resources ?
>
> Thank you,
> Aravind
>

Re: Authentication and authorization

[Aravind Kumar <ar...@gmail.com>]

Thank you ! And Apache Shiro is it worth trying for authentication and
authorization ?

On Tue, Apr 17, 2012 at 6:37 PM, vEnkaTa mohAna rAo SriperumbUdUru <
mohanaraosv@gmail.com> wrote:

> http://www.javaranch.com/journal/2008/04/authentication-using-JAAS.html
>
>
> http://stackoverflow.com/questions/3649615/how-should-i-savely-store-encrypted-user-data-on-my-server-and-serve-it-only-to
>
> On Tue, Apr 17, 2012 at 5:58 PM, Aravind Kumar <ar...@gmail.com>
> wrote:
>
> > Hello,
> >
> > I have just started to venture into Struts2 and I'm having a hard time
> > finding learning materials for "Authentication and authorization"
> concepts.
> > Could you please point out some resources ?
> >
> > Thank you,
> > Aravind
> >
>

Re: Authentication and authorization

[vEnkaTa mohAna rAo SriperumbUdUru <mo...@gmail.com>]

http://www.javaranch.com/journal/2008/04/authentication-using-JAAS.html

http://stackoverflow.com/questions/3649615/how-should-i-savely-store-encrypted-user-data-on-my-server-and-serve-it-only-to

On Tue, Apr 17, 2012 at 5:58 PM, Aravind Kumar <ar...@gmail.com> wrote:

> Hello,
>
> I have just started to venture into Struts2 and I'm having a hard time
> finding learning materials for "Authentication and authorization" concepts.
> Could you please point out some resources ?
>
> Thank you,
> Aravind
>

Re: Authentication and authorization

["M. Rakowski" <ma...@rakowski.biz>]

a brief explanation for basic spring-security (only authentication) 
configuration with struts:

Spring security is running as a filter in your web-app
(you need to make sure that it comes first before Struts).
For the filter-configuration take a look at (2.2.1):
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html

Than you will have to provide a context file where you
define the whole configuration for Spring-security:
- <intercept-url pattern="" access=""/> : access roles for certain url 
patterns
- <form-login login-page="your-struts-login-action" /> : configuration 
for login
- <authentication-manager> : to provide a service for 
user-authentication, like:
<authentication-manager>
  <authentication-provider 
user-service-ref="your-authentication-service"> [...]

The last step is the implementation of the authentication-service
(http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/userdetails/UserDetailsService.html):
UserDetails loadUserByUsername(String username)
and UserDetails-Interfaces (your User-Bean).

For all authenticated struts-actions you can get UserDetail
by accessing 
SecurityContextHolder.getContext().getAuthentication().getPrincipal()
(http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/core/context/SecurityContextHolder.html)

I hope i could help you with this short explanation which covers only 
basic usage of spring.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: Authentication and authorization

[Aravind Kumar <ar...@gmail.com>]

M. Rakowski,

Sorry for bothering again, How do I do that ? I searched for struts2 and
spring security integration but am not able to find any of the resources.

On Tue, Apr 17, 2012 at 11:21 PM, M. Rakowski <ma...@rakowski.biz> wrote:

> Hey,
>
> i would definitely _discourage_ you from using JAAS.
>
> IMHO go with Spring Security:
> http://static.springsource.**org/spring-security/site/<http://static.springsource.org/spring-security/site/>
>
> It is pretty easy to integrate in Struts and
> provides everything you need for both authentication and authorization.
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: user-unsubscribe@struts.**apache.org<us...@struts.apache.org>
> For additional commands, e-mail: user-help@struts.apache.org
>
>

Re: Authentication and authorization

["M. Rakowski" <ma...@rakowski.biz>]

Hey,

i would definitely _discourage_ you from using JAAS.

IMHO go with Spring Security:
http://static.springsource.org/spring-security/site/

It is pretty easy to integrate in Struts and
provides everything you need for both authentication and authorization.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org