You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Elderclei R Reami <re...@vertisnet.com.br> on 2002/08/21 19:24:31 UTC

Re: [CORRECTION]RE: Container-managed authentication not possible

Thanks for the tips, Brandon & Todd. I will have a look at SecurityFilter, as I have no other option, perhaps I'll 
need to develop my own security control (not good anyway)

Regards.
Elder

On Wed, 21 Aug 2002 14:02:09 -0600, "Brandon Goodin" <ma...@phase.ws> escreveu :

> De: "Brandon Goodin" <ma...@phase.ws>
> Data: Wed, 21 Aug 2002 14:02:09 -0600
> Para: "Struts Users Mailing List" <st...@jakarta.apache.org>
> Assunto: [CORRECTION]RE: Container-managed authentication not possible
> 
> Sorry I am wrong :-) It plays nice with the request based info.
> 
> -----Original Message-----
> From: Brandon Goodin [mailto:mail@phase.ws]
> Sent: Wednesday, August 21, 2002 1:53 PM
> To: Struts Users Mailing List; tnist@bellsouth.net
> Subject: RE: Container-managed authentication not possible
> 
> 
> That is a cool project. But, it only "mimics". It has the same terminology
> associated with it. But it is NOT container managed security. Nor does it
> integrate (at this point) with many projects that use the container based
> security check methods like isUserInRole(). so, for example if you are using
> role checking with tiles it will not be able to locate the role and user
> information generated by SecurityFilter because it does not use container
> managed security. I wrote a SecurityFilter that interacts with an action to
> take advantage of container based security. It allows for auto-login, login
> from any page, and url based security. But the code is not very clean and is
> Tomcat specific. I am waiting for the ServletSpec to come up to par.
> Meanwhile my "SecurityFilter" is working and using container based security
> and I would rather stay tied to container managed security with all it's
> inflexibilities because it allows me to abstract my security from my app.
> 
> Just my rambling thoughts,
> Brandon Goodin
> Phase Web and Multimedia
> P(406)862-2245
> F(406)862-0354
> http://www.phase.ws
> 
> -----Original Message-----
> From: Todd G. Nist [mailto:tnist@bellsouth.net]
> Sent: Wednesday, August 21, 2002 2:46 PM
> To: 'Struts Users Mailing List'
> Subject: RE: Container-managed authentication not possible
> 
> 
> You may want to take a look at the SecurityFilter project on SourceForge.net
> by Max Cooper.  Summary form site:
> 
> 	"SecurityFilter is a Java Servlet Filter that mimics the behavior and
> 	 configuration format of container managed security, with several
> 	 development and deployment advantages."
> 
> 	 See the Home Page http://securityfilter.sourceforge.net at for more
> details.
> 
> Regards,
> 
> Todd G. Nist
> 
> 
> -----Original Message-----
> From: Brandon Goodin [mailto:mail@phase.ws]
> Sent: Wednesday, August 21, 2002 2:48 PM
> To: Struts Users Mailing List
> Subject: RE: Container-managed authentication not possible
> 
> 
> You can implement container managed security in web.xml only if it has been
> setup within the server.xml under your host settings.
> 
> Brandon Goodin
> Phase Web and Multimedia
> P(406)862-2245
> F(406)862-0354
> http://www.phase.ws
> 
> -----Original Message-----
> From: Elderclei R Reami [mailto:reami@vertisnet.com.br]
> Sent: Wednesday, August 21, 2002 3:44 PM
> To: struts-user@jakarta.apache.org
> Subject: Container-managed authentication not possible
> 
> 
> Hi Friends,
> 
> It's been a month developing in struts, and the party's been pretty good.
> I'm just finishing my first application
> (30 jsps, actions, and so on), and now I'm including some security in it.
> 
> I'm in trouble regarding authentication, because my client's  ISP does not
> let me change server.xml configs,
> probably because they use virtual hosting. My question is: is it possible to
> configure container-managed
> authentication using the web.xml? Or must I implement my own authentication?
> 
> Cheers,
> Elderclei R Reami
> Vertis Tecnologia
> +55 11 3887-0835
> www.vertisnet.com.br
> 
> 
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
> 
> 
> 
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
> 
> 
> 
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
> 
> 
> 
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
> 
> 
> 
> --
> To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
> 
> 
> 
> 

Elderclei R Reami
Vertis Tecnologia
+55 11 3887-0835
www.vertisnet.com.br


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>