You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Erez Efrati <er...@netmedia.net.il> on 2003/07/04 17:16:51 UTC
JAAS Struts & JBoss + Tomcat
Hi, I am trying to integrate the JAAS into my Struts application running
on JBoss 3.0.7 + Tomcat. I am a newbie here, and I would appreciate your
help on several questions:
1. From what I read here, I saw that I should probably use the FORM auth
method, and that this page should not use any of the Struts tags. Is
that right?
2. In my application, the first thing a user does is passing a
registration wizard. How can I set different set of permissions using
the web.xml to the registration wizard pages and to the rest of the
application, where both are handled by the struts ActionServlet servlet?
3. Regarding more to JBoss + Tomcat, I don't understand what happens
when a web client accesses a protected page. Does JBossSX which
implements the authentication takes over and perform the authentication?
After the authentication is done, does my Struts action can invoke EJB
methods freely or should they authenticate as well?
Thanks in advance,
-- Erez
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
RE: JAAS Struts & JBoss + Tomcat
Posted by Erez Efrati <er...@netmedia.net.il>.
Thanks a lot Paul for the answers.
-- Erez
-----Original Message-----
From: Paul Thomas [mailto:paul@tmsl.demon.co.uk]
Sent: Saturday, July 05, 2003 2:49 PM
To: struts-user
Subject: Re: JAAS Struts & JBoss + Tomcat
On 04/07/2003 16:16 Erez Efrati wrote:
> Hi, I am trying to integrate the JAAS into my Struts application
running
> on JBoss 3.0.7 + Tomcat. I am a newbie here, and I would appreciate
your
> help on several questions:
>
> 1. From what I read here, I saw that I should probably use the FORM
auth
> method, and that this page should not use any of the Struts tags. Is
> that right?
html:form might be a problem but bean:message works fine for me.
>
> 2. In my application, the first thing a user does is passing a
> registration wizard. How can I set different set of permissions using
> the web.xml to the registration wizard pages and to the rest of the
> application, where both are handled by the struts ActionServlet
servlet?
The ActionServlet doesn't really enter into it. You define constaints
against urls. So you might have a url /register.do for your registration
wizard and /showdetails.do to show some detail page. Each would have its
own declared contraints in web.xml. I recommend reading the 2.3 servlet
specs.
> 3. Regarding more to JBoss + Tomcat, I don't understand what happens
> when a web client accesses a protected page. Does JBossSX which
> implements the authentication takes over and perform the
authentication?
> After the authentication is done, does my Struts action can invoke EJB
> methods freely or should they authenticate as well?
I can't answer that I'm afraid. I would suggest you get a sample app
working under Tomcat alone then try deploying it under JBoss.
HTH
--
Paul Thomas
+------------------------------+----------------------------------------
-----+
| Thomas Micro Systems Limited | Software Solutions for the Smaller
Business |
| Computer Consultants |
http://www.thomas-micro-systems-ltd.co.uk |
+------------------------------+----------------------------------------
-----+
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: JAAS Struts & JBoss + Tomcat
Posted by Paul Thomas <pa...@tmsl.demon.co.uk>.
On 04/07/2003 16:16 Erez Efrati wrote:
> Hi, I am trying to integrate the JAAS into my Struts application running
> on JBoss 3.0.7 + Tomcat. I am a newbie here, and I would appreciate your
> help on several questions:
>
> 1. From what I read here, I saw that I should probably use the FORM auth
> method, and that this page should not use any of the Struts tags. Is
> that right?
html:form might be a problem but bean:message works fine for me.
>
> 2. In my application, the first thing a user does is passing a
> registration wizard. How can I set different set of permissions using
> the web.xml to the registration wizard pages and to the rest of the
> application, where both are handled by the struts ActionServlet servlet?
The ActionServlet doesn't really enter into it. You define constaints
against urls. So you might have a url /register.do for your registration
wizard and /showdetails.do to show some detail page. Each would have its
own declared contraints in web.xml. I recommend reading the 2.3 servlet
specs.
> 3. Regarding more to JBoss + Tomcat, I don't understand what happens
> when a web client accesses a protected page. Does JBossSX which
> implements the authentication takes over and perform the authentication?
> After the authentication is done, does my Struts action can invoke EJB
> methods freely or should they authenticate as well?
I can't answer that I'm afraid. I would suggest you get a sample app
working under Tomcat alone then try deploying it under JBoss.
HTH
--
Paul Thomas
+------------------------------+---------------------------------------------+
| Thomas Micro Systems Limited | Software Solutions for the Smaller
Business |
| Computer Consultants |
http://www.thomas-micro-systems-ltd.co.uk |
+------------------------------+---------------------------------------------+
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: JAAS Struts & JBoss + Tomcat
Posted by Adam Hardy <ah...@cyberspaceroad.com>.
Erez Efrati wrote:
> Hi, I am trying to integrate the JAAS into my Struts application running
> on JBoss 3.0.7 + Tomcat. I am a newbie here, and I would appreciate your
> help on several questions:
>
> 1. From what I read here, I saw that I should probably use the FORM auth
> method, and that this page should not use any of the Struts tags. Is
> that right?
It is best to use the FORM authentication because you can encrypt it
with SSL - otherwise your users' passwords will go over the net in plain
text.
I haven't tried using struts tags in the login form. From what Craig
said late yesterday about the login form (do a search on j_security), it
is best to view it as totally seperate from your application -
essentially part of the container.
>
> 2. In my application, the first thing a user does is passing a
> registration wizard. How can I set different set of permissions using
> the web.xml to the registration wizard pages and to the rest of the
> application, where both are handled by the struts ActionServlet servlet?
>
You have action mappings for your app's modules, correct? Set up
security constraint in web.xml to secure the different action mappings
in different ways - i.e. wizard.do
> 3. Regarding more to JBoss + Tomcat, I don't understand what happens
> when a web client accesses a protected page. Does JBossSX which
> implements the authentication takes over and perform the authentication?
> After the authentication is done, does my Struts action can invoke EJB
> methods freely or should they authenticate as well?
>
sorry don't know jboss.
Adam
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org