You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by "Gogineni, Pratima" <pg...@selectica.com> on 2001/06/12 23:56:21 UTC
Re: Idle timeout Handling
>A completely different approach is to use container-managed security, as
described in the Servlet API Specification >>
><<http://java.sun.com/products/servlet/download.html>>. Here, you are
relying on the servlet container to manage user logon, so that you do not
have to check
>anything on a per-request basis. > > Thanks, > Shiraz
> Craig McClanahan
When you use the servlet container basic authentication - the session is
automatically refreshed (because the user info is sent directly from the
browser) but you still may need to refresh the data/warn the user that the
data has been refreshed since the user may think he is continuing from the
the place he left off but ends up operating on a form-bean in the initial
state.
Could someone correct me if my assumption is wrong?
pratima
____________________________________
Pratima Gogineni
Core Technology
Selectica, Inc.
3 West Plumeria Drive
San Jose CA 95134.2111
www.selectica.com
Direct: 408.545.2615
Main: 408.570.9700
Mobile: 408.315.6380
Fax: 408.570.2167
See our Internet Selling Systems in action:
http://www.selectica.com/iss_in_action/
RE: Form-based Authentication
Posted by Abraham Kang <ab...@infogain.com>.
Hi Matt,
I have done this successfully with WebLogic 6.0 and 5.1 and JRun 3.1.
Here is what I learned.
If you need to do login preprocessing you will need to specify a
login-form that does not have j_security_check as its action. This login
form will submit to non-secured servlet. This servlet will do the
pre-processing and then forward the j_username and j_password to
j_security_check.
If you need post authentication routines then you will have to sniff the
session attribute that the requested URL was stored under. In WebLogic this
is "_wl_formauth_url". When they get to the login page you will need to
replace this attribute("_wl_formauth_url") with the post-processing servlet
URL. At the same time you will need to store the original value of session
attribute ("_wl_formauth_url") to some other key in the session that the
post-processing servlet can use to redirect the user to their desired url
after post processing.
Hope This Helps,
Abraham
> -----Original Message-----
> From: Matt Raible [mailto:matt_raible@yahoo.com]
> Sent: Tuesday, June 12, 2001 3:14 PM
> To: struts-user@jakarta.apache.org
> Subject: Form-based Authentication
>
>
> Has anyone implemented form-based authentication and Struts as defined by
> the J2EE Blueprints?
>
> http://java.sun.com/j2ee/blueprints/packaging_deployment/descripto
> rs/index.h
> tml#1035772
>
> If so, any lessons learned from the appserver you deployed in?
>
> Thanks,
>
> Matt
>
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
>
Form-based Authentication
Posted by Matt Raible <ma...@yahoo.com>.
Has anyone implemented form-based authentication and Struts as defined by
the J2EE Blueprints?
http://java.sun.com/j2ee/blueprints/packaging_deployment/descriptors/index.h
tml#1035772
If so, any lessons learned from the appserver you deployed in?
Thanks,
Matt
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com