You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@struts.apache.org by Tim Clotworthy <tc...@bka-inc.com> on 2003/04/18 20:11:00 UTC

Guidance on JAAS and Struts

Hello,
Jakarta indicates that Struts1.1 will provide "direct support" for JAAS,
but (best as I can tell), provides no specific guidance on how best to
use JAAS and Struts.

Specifically, I am looking for good guidance on Struts and JAAS
authorization (the second "A" in JAAS), as the authentication part (the
first "A" in JAAS) with Struts is straight-forward enough.

The only info I have found regarding Struts and JAAS is this relatively
old article: http://www.mooreds.com/jaas.html from Dan Moore. The
authentication section is fine, but I was wondering whether anyone has
alternative ideas for the authorization part to Dan's suggestion of
extending the Action Servlet and overriding the process method (which is
perhaps not ideal from a maintenance perspective.


Thanks so much in advance!

RE: Guidance on JAAS and Struts

Posted by Tim Clotworthy <tc...@bka-inc.com>.

Thanks. As I progress, I will share info with everyone.

> -----Original Message-----
> From: news [mailto:news@main.gmane.org] On Behalf Of Martin Cooper
> Sent: Monday, April 21, 2003 2:31 PM
> To: struts-dev@jakarta.apache.org
> Subject: Re: Guidance on JAAS and Struts
> 
> I believe the statement regarding direct support for JAAS is in
relation
> to
> the use of the 'role' attribute of action mappings and the 'role'
> attribute
> of various JSP tags (e.g. <logic:present>). This is very poorly
documented
> at present, I'm afraid. You might take a look at:
> 
> * The attributes for the <action> element in the struts-config_1_1.dtd
> file.
> * The taglib docs for the 'role' attributes.
> * The description of processRole() in the Building Controller docs.
> * The appropriate Javadoc comments.
> 
> And if you'd like to contribute improved documentation once you've
figured
> it out, that would, of course, be very much appreciated! ;-)
> 
> --
> Martin Cooper
> 
> 
> "Tim Clotworthy" <tc...@bka-inc.com> wrote in message
> news:005d01c305d5$e12b4c70$3201a8c0@sleipnir...
> > Hello,
> > Jakarta indicates that Struts1.1 will provide "direct support" for
JAAS,
> > but (best as I can tell), provides no specific guidance on how best
to
> > use JAAS and Struts.
> >
> > Specifically, I am looking for good guidance on Struts and JAAS
> > authorization (the second "A" in JAAS), as the authentication part
(the
> > first "A" in JAAS) with Struts is straight-forward enough.
> >
> > The only info I have found regarding Struts and JAAS is this
relatively
> > old article: http://www.mooreds.com/jaas.html from Dan Moore. The
> > authentication section is fine, but I was wondering whether anyone
has
> > alternative ideas for the authorization part to Dan's suggestion of
> > extending the Action Servlet and overriding the process method
(which is
> > perhaps not ideal from a maintenance perspective.
> >
> >
> > Thanks so much in advance!
> >
> >
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-dev-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: struts-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-dev-help@jakarta.apache.org

Re: Guidance on JAAS and Struts

Posted by Martin Cooper <ma...@apache.org>.

I believe the statement regarding direct support for JAAS is in relation to
the use of the 'role' attribute of action mappings and the 'role' attribute
of various JSP tags (e.g. <logic:present>). This is very poorly documented
at present, I'm afraid. You might take a look at:

* The attributes for the <action> element in the struts-config_1_1.dtd file.
* The taglib docs for the 'role' attributes.
* The description of processRole() in the Building Controller docs.
* The appropriate Javadoc comments.

And if you'd like to contribute improved documentation once you've figured
it out, that would, of course, be very much appreciated! ;-)

--
Martin Cooper


"Tim Clotworthy" <tc...@bka-inc.com> wrote in message
news:005d01c305d5$e12b4c70$3201a8c0@sleipnir...
> Hello,
> Jakarta indicates that Struts1.1 will provide "direct support" for JAAS,
> but (best as I can tell), provides no specific guidance on how best to
> use JAAS and Struts.
>
> Specifically, I am looking for good guidance on Struts and JAAS
> authorization (the second "A" in JAAS), as the authentication part (the
> first "A" in JAAS) with Struts is straight-forward enough.
>
> The only info I have found regarding Struts and JAAS is this relatively
> old article: http://www.mooreds.com/jaas.html from Dan Moore. The
> authentication section is fine, but I was wondering whether anyone has
> alternative ideas for the authorization part to Dan's suggestion of
> extending the Action Servlet and overriding the process method (which is
> perhaps not ideal from a maintenance perspective.
>
>
> Thanks so much in advance!
>
>




---------------------------------------------------------------------
To unsubscribe, e-mail: struts-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-dev-help@jakarta.apache.org