Struts and authentication of requests in a webapp. Generic framework possible/available?

[amolk <am...@mailjol.com>]

Hi,

I am new to Struts. I am referring the struts-example to build a prototype resembling our application which is right now using only servlets.

I need to authenticate each request that comes to the webapp ( though the action servlet ). There are two parts to the authentication scheme.
1. Authenticate the user when she provides the login name and password.
2. On very page ( or request ) verify that the request is coming from an authenticated user.

Both these parts would be required by most of the webapps ( if not all ).
Different types of web apps could have different authentication schemes. So lets assume the first part cant be made generic.

But, why cant we have a generic version of CheckLogonTag and the corresponding <app:checkLogon/> ? And make it part of the struts framework??
Usage would be something like 
Something like <app:checkLogon application="EA1" > for enterprise app1. EA1 string would be put in the session by the logonAction which is application specific.
So, though the authentication scheme and the strings we put in the session to flag the session as authenticated would be different for different applications, the way to verify would be made generic which accepts parameters which are appliction dependent.
Now, i have to "struts enable" 3 webapplications. Either i replicate the tld, Tag class, etc or make it generic so that i can use it across the apps.
(Thinking of implementing the second option)

Any comments?
( or is there something like that already in place?? )

thnx,
amol

Re: Struts and authentication of requests in a webapp. Generic framework possible/available?

[Ted Husted <hu...@apache.org>]

In Struts 1.1, you can assign a list of roles to each ActionMapping. By 
default, this uses the same JAAS scheme used by the container. However, 
you can also provided your own RequestProcessor that can override this 
and use whatever scheme works for your application.

-- Ted Husted, Husted dot Com, Fairport NY US
-- Author, Java Web Development with Struts
-- Order it today:
-- http://husted.com/struts/book.html


amolk wrote:

> Hi,
> 
> I am new to Struts. I am referring the struts-example to build a prototype resembling our application which is right now using only servlets.
> 
> I need to authenticate each request that comes to the webapp ( though the action servlet ). There are two parts to the authentication scheme.
> 1. Authenticate the user when she provides the login name and password.
> 2. On very page ( or request ) verify that the request is coming from an authenticated user.
> 
> Both these parts would be required by most of the webapps ( if not all ).
> Different types of web apps could have different authentication schemes. So lets assume the first part cant be made generic.
> 
> But, why cant we have a generic version of CheckLogonTag and the corresponding <app:checkLogon/> ? And make it part of the struts framework??
> Usage would be something like 
> Something like <app:checkLogon application="EA1" > for enterprise app1. EA1 string would be put in the session by the logonAction which is application specific.
> So, though the authentication scheme and the strings we put in the session to flag the session as authenticated would be different for different applications, the way to verify would be made generic which accepts parameters which are appliction dependent.
> Now, i have to "struts enable" 3 webapplications. Either i replicate the tld, Tag class, etc or make it generic so that i can use it across the apps.
> (Thinking of implementing the second option)
> 
> Any comments?
> ( or is there something like that already in place?? )
> 
> thnx,
> amol



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>