Posted to user@struts.apache.org by Donald Dwoske <dd...@genomecorp.com> on 2002/08/08 13:31:19 UTC

webapp accessing secured files

Not really a struts question, but I figured people could
learn something.

I'm using weblogic 6.1 and am looking for an elegant 
solution to this problem:

We have thousands of files on our Unix file system which use
Unix user/group permissions.  This file base is not static, it
changes daily.

We would like to provide access to these files from a webapp
and retain the existing OS security users/groups.

We would like to have the user login as 'jsmith' , if they
also have a unix account jsmith, they should only be able
to access/open files accessible to jsmith.  We can easily tie
the web signon to the unix users/passwords if we want to...
but...

The webserver runs as the 'weblogic' user, which does not have
access to these files... and we do not want to grant access 
for 'weblogic' to all the files.  We'd rather the OS level handle
the security and not the application.

Any thoughts as to an elegant way to handle this situation?  It
is possible that we can retain the unix password in
cleartext, so one thought was:

1.  run a script from the webapp which takes in the 
    username/password/filename , tries to login as 'jsmith'
    and then opens the file.

Does anyone have any ideas, someone must have tried this
before.

-Don


------------------------------------------------------------------------------------------------------
Don Dwoske                                                          mailto:ddwoske@genomecorp.com
"The clearest way into the Universe is through a forest wilderness" - John Muir


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


Re: webapp accessing secured files

Posted by "Craig R. McClanahan" <cr...@apache.org>.

On Thu, 8 Aug 2002, Donald Dwoske wrote:

> Date: Thu, 8 Aug 2002 07:31:19 -0400
> From: Donald Dwoske <dd...@genomecorp.com>
> Reply-To: Struts Users Mailing List <st...@jakarta.apache.org>
> To: struts-user@jakarta.apache.org
> Subject: webapp accessing secured  files
>
>
> Not really a struts question, but I figured people could
> learn something.
>
> I'm using weblogic 6.1 and am looking for an elegant
> solution to this problem:
>
> We have thousands of files on our Unix file system which use
> Unix user/group permissions.  This file base is not static, it
> changes daily.
>
> We would like to provide access to these files from a webapp
> and retain the existing OS security users/groups.
>
> We would like to have the user login as 'jsmith' , if they
> also have a unix account jsmith, they should only be able
> to access/open files accessible to jsmith.  We can easily tie
> the web signon to the unix users/passwords if we want to...
> but...
>
> The webserver runs as the 'weblogic' user, which does not have
> access to these files... and we do not want to grant access
> for 'weblogic' to all the files.  We'd rather the OS level handle
> the security and not the application.
>
> Any thoughts as to an elegant way to handle this situation?  It
> is possible that we can retain the unix password in
> cleartext, so one thought was:
>
> 1.  run a script from the webapp which takes in the
>     username/password/filename , tries to login as 'jsmith'
>     and then opens the file.
>
> Does anyone have any ideas, someone must have tried this
> before.
>

You're pretty unlikely to find any solution that would qualify as
"elegant" for this.  The main problem is that the JVM your app server runs
under is running under a single userid, typically in a single process --
so it can't be "logged in" as more than one user.  The only solutions I
can think of:

- Run the app server as root (you really don't want to do this
  for all the obvious security reasons).

- Run a separate copy for each user.

> -Don

Craig
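The single-userid limit Craig describes applies per process, so the identity switch in Don's "script" idea has to happen in a separate process. The following is an added example, not code from anyone in this thread: a child process permanently becomes the requested user and the kernel then decides whether the file opens. The function name `read_as` and its parameters are hypothetical, and it assumes the calling helper (a small program separate from the app server) is privileged enough to call setuid/setgid.

```python
import os

def read_as(uid, gid, path, max_bytes=1 << 20):
    """Read `path` in a child process that has permanently become uid/gid.

    Hypothetical helper: the kernel, not this code, decides whether the
    open succeeds. Raises PermissionError if the identity switch or the
    open is refused. At most max_bytes are returned.
    """
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: the only process whose identity changes
        status = 1
        try:
            os.close(r)
            if (os.getuid(), os.geteuid()) != (uid, uid):
                # Order matters: groups, then gid, then uid. After setuid()
                # the process no longer has the privilege to change groups.
                # os.initgroups(name, gid) would load the user's full
                # supplementary group list instead of just the primary gid.
                os.setgroups([gid])
                os.setgid(gid)
                os.setuid(uid)
                if (os.getuid(), os.geteuid()) != (uid, uid):
                    raise PermissionError("identity switch incomplete")
            fd = os.open(path, os.O_RDONLY)  # permission check uses uid/gid
            os.write(w, os.read(fd, max_bytes))
            status = 0
        finally:
            os._exit(status)  # never fall back into the parent's code
    os.close(w)
    with os.fdopen(r, "rb") as pipe:
        data = pipe.read()
    _, wait_status = os.waitpid(pid, 0)
    if not os.WIFEXITED(wait_status) or os.WEXITSTATUS(wait_status) != 0:
        raise PermissionError(f"uid {uid} could not read {path}")
    return data
```

Because the drop happens only in the forked child, the parent keeps its own identity and can serve the next request for a different user.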




Re: OT: Re: Looking for C++ MVC Implementation

Posted by Melissa L Kelley <st...@stuology.net>.
On Fri, 9 Aug 2002, Joel Rees wrote:

> > We're starting up a new project and it's been dictated that we go with C/C++
> > CGI.
>
> > But I'm interested in still following the MVC design.
>

Well, you could follow the MVC with C/C++ by convincing whoever did the
dictating to just have the component that swayed the decision to the
C/C++ side written in C/C++ and still use Java for the web end. Then you
can use Struts and stick with the MVC design. Although, I know, sometimes
decisions are based on one person's whimsy.





--> stu: www.stuology.net
It just no longer is plain simple safe fun
when it's the psycho chimp that has the ray gun
------------------------------------------------
Stuology -- A million monkeys can't be wrong





OT: Re: Looking for C++ MVC Implementation

Posted by Joel Rees <jo...@alpsgiken.gr.jp>.
> Does anyone know of a C/C++ MVC designed for a web front end?

Plugged "C++ cgi MVC" in at google.com and found (through a smalltalk
index page!) this site:

    http://www.webwareindex.com/tutorials/

It's got an index on CGI, but mostly Perl CGI. It's got a huge load of
stuff on Java, but no Java/MVC stuff. Apparently, the MVC stuff it has
is all in their Smalltalk index. 

Of course, that's not the only site google turned up.

My introduction to CGI was through Perl. Don't know yet whether that was
good or bad. I've read a book, Perl for the Web (Chris Radcliffe -- New
Riders) which spends quite a bit of page real estate arguing that the
speed of the language is far less of a determinant of overall response
than the use of the CGI interface itself.

> Anyone ever attempt a port of Struts? Am I out of my mind to even consider
> this? - MVC++ :)

I would not advise it, at least, not unless you know Java, C++, _and_
networking really well. The port should be budgeted as a separate
project, I'd imagine.

> We're starting up a new project and it's been dictated that we go with C/C++
> CGI.

Care to share the reasoning behind this insanity? 

(There might be some valid reasons, but the context itself would about
have to be insane to make it reasonable to mix C/C++ and CGI, especially
if the target is going to be complex enough to gain anything from MVC.
If building a technological base of expertise is more important than
completing the project on budget and on time, that might be one valid
reason. Maybe.)

> But I'm interested in still following the MVC design.

Is this an ideological whimsy, or do you have a lot of experience with
MVC in C++?

> I've never done
> CGI before, so does this even make sense?

It depends on how much of the rest you have, I'd say. Stateless CGI is
not that hard, but it's never going to be fast, either.

> Any other C/C++ CGI frameworks to recommend?

More searching on google? Something like "C++ cgi framework"? Hmm. Yeah,
that turns up some potentially interesting pages, too.

-- 
Joel Rees <jo...@alpsgiken.gr.jp>




Looking for C++ MVC Implementation

Posted by Brad Rhoads <br...@zethcon.com>.
Does anyone know of a C/C++ MVC designed for a web front end?

Anyone ever attempt a port of Struts? Am I out of my mind to even consider
this? - MVC++ :)

We're starting up a new project and it's been dictated that we go with C/C++
CGI. But I'm interested in still following the MVC design. I've never done
CGI before, so does this even make sense?

Any other C/C++ CGI frameworks to recommend?




RE: webapp accessing secured files

Posted by Jacob Hookom <ho...@uwec.edu>.
Yesterday, it was mentioned using a JndiRealm

http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html

http://www.openldap.org/
