You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Michel Bertrand <mi...@datasul.com.br> on 2003/10/10 13:46:10 UTC

Struts and Tomcat JDBC Realms

Hi all !

I was woundering about using Struts in Tomcat with JDBC Realms.

I found lots of topics about Strunts and Realms but using policy files
and I did not find any question or topic involving struts and JDBC Reals.

Does struts support the use of JDBC Realms in Tomcat ? I don't intent
to use it to proctect my Actions, but to protect my "jsp" pages under
some specific app directories.

I tried to implement this running Tomcat in Security Mode but I have
some SecurityExceptions in some actions. Is it common ?  Could I 
solve it setting priviledges to struts.jar in my catalina.policy ?

And so, does anybody implemented Struts + JDBC Realms + Tomcat ?

Thanks in advance,
Michel.



---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org

Re: Struts and Tomcat JDBC Realms

Posted by Adam Hardy <ah...@cyberspaceroad.com>.

On 10/10/2003 01:46 PM Michel Bertrand wrote:
> Hi all !
> 
> I was woundering about using Struts in Tomcat with JDBC Realms.
> 
> I found lots of topics about Strunts and Realms but using policy files
> and I did not find any question or topic involving struts and JDBC Reals.
> 
> Does struts support the use of JDBC Realms in Tomcat ? I don't intent
> to use it to proctect my Actions, but to protect my "jsp" pages under
> some specific app directories.
> 
> I tried to implement this running Tomcat in Security Mode but I have
> some SecurityExceptions in some actions. Is it common ?  Could I 
> solve it setting priviledges to struts.jar in my catalina.policy ?
> 
> And so, does anybody implemented Struts + JDBC Realms + Tomcat ?

Yes, many people do! Using a tomcat realm for authentication with 
standard security-constraints is not normally problematic.

Setting up struts to make use of realm authorization (for roles) is 
child's play (as long as your database contains the roles & links to the 
users). Just put the "role" attribute in the action mapping in the config.

Where & when are you getting these exceptions? Also, policy files don't 
need to come into it at all. Doing anything with priviliges to 
struts.jar is something I've never heard of. I think you are coming to 
the subject with a mindset for a different type of authentication & 
authorization system - what you require from tomcat & struts is not too 
complex.

Adam

-- 
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9

---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org