You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Adam Lipscombe <ad...@expensys.com> on 2004/06/16 11:10:45 UTC

Newbie: Using Struts with JAAS?

Folks,


I am struggling to understand how to use JAAS with Struts 1.1
I need a simple-to-follow example. 


The requirement is for standard authentication and permission handling -
logging a user in and checking that they have permission to access an Action
or URL.

Should I use JAAS or home-grown security?

If I go down the home-grown route logging in a user is no problem. 
One way that occurs to me to enforce permissions is to put a check into each
JSP to ensure that the user has the appropriate role to view that page and
redirect if not.


What do people think? Is JAAS the way to go? 
If JAAS, what are the advantages in a Struts context?
Is there a simple JAAS example somewhere that I can cut and paste from?



TIA - Adam


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: Newbie: Using Struts with JAAS?

Posted by Ravi Vedala <ra...@vmoksha.com>.

Try looking at JGuard !

regds
r-a-v-i
----- Original Message -----
From: "Adam Lipscombe" <ad...@expensys.com>
To: "'Struts Users Mailing List'" <us...@struts.apache.org>
Sent: Wednesday, June 16, 2004 2:40 PM
Subject: Newbie: Using Struts with JAAS?


> Folks,
>
>
> I am struggling to understand how to use JAAS with Struts 1.1
> I need a simple-to-follow example.
>
>
> The requirement is for standard authentication and permission handling -
> logging a user in and checking that they have permission to access an
Action
> or URL.
>
> Should I use JAAS or home-grown security?
>
> If I go down the home-grown route logging in a user is no problem.
> One way that occurs to me to enforce permissions is to put a check into
each
> JSP to ensure that the user has the appropriate role to view that page and
> redirect if not.
>
>
> What do people think? Is JAAS the way to go?
> If JAAS, what are the advantages in a Struts context?
> Is there a simple JAAS example somewhere that I can cut and paste from?
>
>
>
> TIA - Adam
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

RE: Newbie: Using Struts with JAAS?

Posted by Matthias Wessendorf <ma...@matthias-wessendorf.de>.

Hi Adam,

in tomcat 4.1.X
there is an application (admin)

that is based upon JAAS and struts.
it uses MemoryRealm to identify the users.
(a file "tomcat-users.xml" in $TOMCAT_HOME/conf)

watch WEB.XML (for security-rules)
and login.jps in $TOMCAT_HOME/server/webapps/admin

there is also a simple logoutAction...:
http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-4.0/webapps/admin/WEB-I
NF/classes/org/apache/webapp/admin/LogOutAction.java?rev=1.1&view=markup


hope that helps you!


> -----Original Message-----
> From: Adam Lipscombe [mailto:adam.lipscombe@expensys.com] 
> Sent: Wednesday, June 16, 2004 11:11 AM
> To: 'Struts Users Mailing List'
> Subject: Newbie: Using Struts with JAAS?
> 
> 
> Folks,
> 
> 
> I am struggling to understand how to use JAAS with Struts 1.1
> I need a simple-to-follow example. 
> 
> 
> The requirement is for standard authentication and permission 
> handling - logging a user in and checking that they have 
> permission to access an Action or URL.
> 
> Should I use JAAS or home-grown security?
> 
> If I go down the home-grown route logging in a user is no problem. 
> One way that occurs to me to enforce permissions is to put a 
> check into each JSP to ensure that the user has the 
> appropriate role to view that page and redirect if not.
> 
> 
> What do people think? Is JAAS the way to go? 
> If JAAS, what are the advantages in a Struts context?
> Is there a simple JAAS example somewhere that I can cut and 
> paste from?
> 
> 
> 
> TIA - Adam
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org