You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Jim Krygowski <ja...@shaws.com> on 2003/05/19 19:26:02 UTC
[OT] two headed toad toads with red eyes - viral meme?
Hey-
Is the mailing list being invaded by struts coding herpetologists or what?
Seriously, can someone explain the etymology of this "two headed toad toads
with red eyes" thing? I've spotted it in a few posts recently and I'm
curious to know what culture, literature, etc. gave birth to this phrase.
> -----Original Message-----
> From: Adam Hardy [mailto:ahardy.struts@cyberspaceroad.com]
> Sent: Monday, May 19, 2003 1:12 PM
> To: Struts Users Mailing List
> Subject: Re: two-step container managed authentication
>
>
> The heavy bit about JAAS was working out how it worked. Lots of two
> headed toad toads with red eyes. But I got the hang of it and it is
> actually not a complex framework (at least until you add in 3 or 4
> different login modules with different priorities accessing different
> LDAP directories)
>
> The native java JAAS classes apparently have an LDAP login module class
> ready and waiting. I didn't look at it though so it might not be what
> you need.
>
> A quick test shows that j_username is lost from the request after
> j_security_check is done. I think a servlet dumps the login request and
> reincarnates the original request that prompted the security check.
> Might be wrong though.
>
> Erik Price wrote:
> >
> >
> > Adam Hardy wrote:
> >
> >> Last time I had a conversation about this, it got very off-topic
> >> quickly, because it's much more tomcat than struts. Struts does tie in
> >> with CMA via struts' ability to specify roles as security constraints
> >> on action mappings though.
> >
> >
> > Well, actually I had considered prefixing OT because it does seem
> > unrelated, but then I wondered if perhaps the solution is to
> incorporate
> > an Action that does this somehow (which would seem more Strutsish)? In
> > other words, something like:
> >
> > - Incoming request for resource is intercepted by container managed
> > authorization
> > - Authorization is performed against JNDI/LDAP
> > - If authorization is successful, proceed to LoginAction
> > - LoginAction checks if the user exists in the DB and takes appropriate
> > steps depending (presumably the "j_username" form data is still
> > available to the Action?)
> >
> > ... since at this point, JAAS sounds a bit heavy for my needs (although
> > certainly useful if my project were larger in scale). I would be
> > interested in hearing what you have to say about it when you're done
> > digging through it, though.
> >
> > Just not sure if the above will actually work, or if there are better
> > strategies.
> >
> >
> > Erik
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: struts-user-help@jakarta.apache.org
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
RE: [OT] two headed toad toads with red eyes - viral meme?
Posted by Andrew Hill <an...@gridnode.com>.
<snip>
Is the mailing list being invaded by struts coding herpetologists or what?
</snip>
Si Baroni!
...Perhaps someone should call DangerMouse and his trusty assistant Penfold
to come deal with all these toads?
...or maybe I should just go home and get some sleep....
-----Original Message-----
From: Jim Krygowski [mailto:james.krygowski@shaws.com]
Sent: Tuesday, 20 May 2003 01:26
To: Struts Users Mailing List
Subject: [OT] two headed toad toads with red eyes - viral meme?
Hey-
Is the mailing list being invaded by struts coding herpetologists or what?
Seriously, can someone explain the etymology of this "two headed toad toads
with red eyes" thing? I've spotted it in a few posts recently and I'm
curious to know what culture, literature, etc. gave birth to this phrase.
> -----Original Message-----
> From: Adam Hardy [mailto:ahardy.struts@cyberspaceroad.com]
> Sent: Monday, May 19, 2003 1:12 PM
> To: Struts Users Mailing List
> Subject: Re: two-step container managed authentication
>
>
> The heavy bit about JAAS was working out how it worked. Lots of two
> headed toad toads with red eyes. But I got the hang of it and it is
> actually not a complex framework (at least until you add in 3 or 4
> different login modules with different priorities accessing different
> LDAP directories)
>
> The native java JAAS classes apparently have an LDAP login module class
> ready and waiting. I didn't look at it though so it might not be what
> you need.
>
> A quick test shows that j_username is lost from the request after
> j_security_check is done. I think a servlet dumps the login request and
> reincarnates the original request that prompted the security check.
> Might be wrong though.
>
> Erik Price wrote:
> >
> >
> > Adam Hardy wrote:
> >
> >> Last time I had a conversation about this, it got very off-topic
> >> quickly, because it's much more tomcat than struts. Struts does tie in
> >> with CMA via struts' ability to specify roles as security constraints
> >> on action mappings though.
> >
> >
> > Well, actually I had considered prefixing OT because it does seem
> > unrelated, but then I wondered if perhaps the solution is to
> incorporate
> > an Action that does this somehow (which would seem more Strutsish)? In
> > other words, something like:
> >
> > - Incoming request for resource is intercepted by container managed
> > authorization
> > - Authorization is performed against JNDI/LDAP
> > - If authorization is successful, proceed to LoginAction
> > - LoginAction checks if the user exists in the DB and takes appropriate
> > steps depending (presumably the "j_username" form data is still
> > available to the Action?)
> >
> > ... since at this point, JAAS sounds a bit heavy for my needs (although
> > certainly useful if my project were larger in scale). I would be
> > interested in hearing what you have to say about it when you're done
> > digging through it, though.
> >
> > Just not sure if the above will actually work, or if there are better
> > strategies.
> >
> >
> > Erik
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: struts-user-help@jakarta.apache.org
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org