RE: Login Form
All, Please find attached my securityfilter realm adaptor. The other code I was waiting for hasn't materialised, so I couldn't do any comparison - but it seems to work for me... Good luck, and any probs just shout. And nope, I have know idea if the extra functionality is to be resolved in the near future within an updated container specification. Any one know how we could 'force' the issue? Regards, Sean -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ Blade Systems On Wed, 2003-07-09 at 15:33, Erez Efrati wrote: Sean, many thanks for keeping up with my questions - appreciate it. And yes you are correct. I am using JBoss 3.0.7 / Tomcat 4.1.24. By the way have you got any idea if this issue is about to be resolved at the Servlet Container Spec ? Thanks, Erez -Original Message- From: Sean Radford [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2003 11:19 AM To: Struts Users Mailing List Subject: RE: Login Form On Tue, 2003-07-08 at 20:34, Erez Efrati wrote: Thanks Sean, I looked at it and it does avoid the BIG limitation posed by the standard spec in fact. Still I cannot use it since it disables the passing of the principal identity through calls to EJB methods. That's what it says in the introductory documentation, but... You're using JBoss/Tomcat right? Well give me a day and I'll email you a class that should do all you want... It's a RealmAdaptor for securityfilter/Jboss that uses the JBoss security extension and so correctly instantiates the Principal for the EJB layer. It works for me with JBoss4/Jetty, so you should give it a try. (I'm waiting on some code from another guy whose done similar and so just want to compare - if his stuff doesn't arrive shortly, I'll send mine as it) Now, I am new to the web development and it amazes me that such a basic feature is missing from the Servlet spec and is not addressed. Why is it that way? Is it so unusual to want to have the login fields on the start page?? Not unusual at all... And many Java sites have it that way, but they don't necessarily use container authentication and they probably don't use EJB's (many people steer clear - deep seated reservations from 1.0 are still abound). If I get time I'm going to try and get the Jetty guys to 'surface' their web Authenticators to allow developers to roll their own... I've looked at the code and shouldn't be too difficult - one or two areas I'm not sure about, but... Thanks, Erez -Original Message- From: Sean Radford [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 08, 2003 8:21 PM To: Struts Users Mailing List Subject: RE: Login Form Have a look at this (you may find what you want): http://sourceforge.net/projects/securityfilter/ Sean -Original Message- From: Erez Efrati [mailto:[EMAIL PROTECTED] Sent: July 8, 2003 10:11 AM To: 'Struts Users Mailing List' Subject: Login Form Hi, My question is a bit off Struts but still since I am using Struts and it's too urgent for me I thought to try my luck here, maybe someone had stumbled on this issue too. I am running JBoss/Tomcat/Struts using the JAAS for handling the application security aspects. I have used the auth-methodFORM/auth-method clauses inside the Web.xml file. In my web site I want to have the site home page to have also a small login form where the user could enter username and password and login to the site. The home page, contains other links as well, which lead to other parts of the site or even to external pages on other sites. From what I've read so far, it seems to me that the FORM method is activated only when the web user tries to access a protected page. Then the Web Server (Tomcat in my case) returns the loginPage stated in the Web.xml file, and only after the login is performed (j_security_check) the Tomcat then redirects the web user to the original portected page. Is it possible to have the site home page as the login page still using mechanisms of FORM and JAAS? If so I would really appreciate any help on how to do it, and what are the configurations required. Thanks, Erez - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] /* * @author sradford * pCreated 07-Jul-2003/p * pCopyright 2002-2003, Aegeus Technology Limited. * pAll rights reserved./p * pUse at you desire with no liability to the author./p */ package com.aegeus.securityfilter import java.security.Principal; import java.util.HashSet; import java.util.Set
RE: Login Form
Sean, Thanks for the code. I have downloaded everything and I am about to start playing with it. But from reading still, I am a bit confused here. Is this code + SecurityFilter replaces the container security configuration of JBoss/Tomcat in ejb-jar.xml, web.xml, jboss.xml, jboss-web.xml ? Thanks, Erez -Original Message- From: Sean Radford [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2003 11:26 AM To: Struts Users Mailing List Subject: RE: Login Form All, Please find attached my securityfilter realm adaptor. The other code I was waiting for hasn't materialised, so I couldn't do any comparison - but it seems to work for me... Good luck, and any probs just shout. And nope, I have know idea if the extra functionality is to be resolved in the near future within an updated container specification. Any one know how we could 'force' the issue? Regards, Sean -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ Blade Systems On Wed, 2003-07-09 at 15:33, Erez Efrati wrote: Sean, many thanks for keeping up with my questions - appreciate it. And yes you are correct. I am using JBoss 3.0.7 / Tomcat 4.1.24. By the way have you got any idea if this issue is about to be resolved at the Servlet Container Spec ? Thanks, Erez -Original Message- From: Sean Radford [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2003 11:19 AM To: Struts Users Mailing List Subject: RE: Login Form On Tue, 2003-07-08 at 20:34, Erez Efrati wrote: Thanks Sean, I looked at it and it does avoid the BIG limitation posed by the standard spec in fact. Still I cannot use it since it disables the passing of the principal identity through calls to EJB methods. That's what it says in the introductory documentation, but... You're using JBoss/Tomcat right? Well give me a day and I'll email you a class that should do all you want... It's a RealmAdaptor for securityfilter/Jboss that uses the JBoss security extension and so correctly instantiates the Principal for the EJB layer. It works for me with JBoss4/Jetty, so you should give it a try. (I'm waiting on some code from another guy whose done similar and so just want to compare - if his stuff doesn't arrive shortly, I'll send mine as it) Now, I am new to the web development and it amazes me that such a basic feature is missing from the Servlet spec and is not addressed. Why is it that way? Is it so unusual to want to have the login fields on the start page?? Not unusual at all... And many Java sites have it that way, but they don't necessarily use container authentication and they probably don't use EJB's (many people steer clear - deep seated reservations from 1.0 are still abound). If I get time I'm going to try and get the Jetty guys to 'surface' their web Authenticators to allow developers to roll their own... I've looked at the code and shouldn't be too difficult - one or two areas I'm not sure about, but... Thanks, Erez -Original Message- From: Sean Radford [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 08, 2003 8:21 PM To: Struts Users Mailing List Subject: RE: Login Form Have a look at this (you may find what you want): http://sourceforge.net/projects/securityfilter/ Sean -Original Message- From: Erez Efrati [mailto:[EMAIL PROTECTED] Sent: July 8, 2003 10:11 AM To: 'Struts Users Mailing List' Subject: Login Form Hi, My question is a bit off Struts but still since I am using Struts and it's too urgent for me I thought to try my luck here, maybe someone had stumbled on this issue too. I am running JBoss/Tomcat/Struts using the JAAS for handling the application security aspects. I have used the auth-methodFORM/auth-method clauses inside the Web.xml file. In my web site I want to have the site home page to have also a small login form where the user could enter username and password and login to the site. The home page, contains other links as well, which lead to other parts of the site or even to external pages on other sites. From what I've read so far, it seems to me that the FORM method is activated only when the web user tries to access a protected page. Then the Web Server (Tomcat in my case) returns the loginPage stated in the Web.xml file, and only after the login is performed (j_security_check) the Tomcat then redirects the web user to the original portected page. Is it possible to have the site home page as the login page still using mechanisms of FORM and JAAS? If so I would really appreciate any help on how to do it, and what are the configurations required. Thanks, Erez - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
RE: Login Form
Erez, Things you need to do: 1. Get your EJB's installed and working with your JAAS plugin (or one of the supplied JBoss ones). So standard J2EE settings in ejb-jar.xml, and a standard jboss.xml (your security-domain in particular). 2. Create your web app as per the security filter instructions. That means moving the security defintions that are normally in web.xml to the securityfilter-config.xml file, and defining the Filter in web.xml. And in jboss-web.xml you need to define the security-domain. Then you just need to specify 'my' class as the realm in the securityfilter-config.xml: realm className=com.aegeus.securityfilter.JBossRealmAdapter/realm Hope that helps, Sean -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ Blade Systems On Thu, 2003-07-10 at 12:01, Erez Efrati wrote: Sean, Thanks for the code. I have downloaded everything and I am about to start playing with it. But from reading still, I am a bit confused here. Is this code + SecurityFilter replaces the container security configuration of JBoss/Tomcat in ejb-jar.xml, web.xml, jboss.xml, jboss-web.xml ? Thanks, Erez -Original Message- From: Sean Radford [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2003 11:26 AM To: Struts Users Mailing List Subject: RE: Login Form All, Please find attached my securityfilter realm adaptor. The other code I was waiting for hasn't materialised, so I couldn't do any comparison - but it seems to work for me... Good luck, and any probs just shout. And nope, I have know idea if the extra functionality is to be resolved in the near future within an updated container specification. Any one know how we could 'force' the issue? Regards, Sean - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Login Form
Thanks a lot Sean, I will try it and let you know how it works. Thanks for your great help, Erez -Original Message- From: Sean Radford [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2003 12:28 PM To: Struts Users Mailing List Subject: RE: Login Form Erez, Things you need to do: 1. Get your EJB's installed and working with your JAAS plugin (or one of the supplied JBoss ones). So standard J2EE settings in ejb-jar.xml, and a standard jboss.xml (your security-domain in particular). 2. Create your web app as per the security filter instructions. That means moving the security defintions that are normally in web.xml to the securityfilter-config.xml file, and defining the Filter in web.xml. And in jboss-web.xml you need to define the security-domain. Then you just need to specify 'my' class as the realm in the securityfilter-config.xml: realm className=com.aegeus.securityfilter.JBossRealmAdapter/realm Hope that helps, Sean -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ Blade Systems On Thu, 2003-07-10 at 12:01, Erez Efrati wrote: Sean, Thanks for the code. I have downloaded everything and I am about to start playing with it. But from reading still, I am a bit confused here. Is this code + SecurityFilter replaces the container security configuration of JBoss/Tomcat in ejb-jar.xml, web.xml, jboss.xml, jboss-web.xml ? Thanks, Erez -Original Message- From: Sean Radford [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2003 11:26 AM To: Struts Users Mailing List Subject: RE: Login Form All, Please find attached my securityfilter realm adaptor. The other code I was waiting for hasn't materialised, so I couldn't do any comparison - but it seems to work for me... Good luck, and any probs just shout. And nope, I have know idea if the extra functionality is to be resolved in the near future within an updated container specification. Any one know how we could 'force' the issue? Regards, Sean - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Login Form
Sean, I have tried out the SecurityFilter web examples and they are working just fine. I have started to integrate it into my project, but I am getting compilation errors on the JBossRealmAdapter.java. It can't seem to find AuthenticationManager, RealmManager, SubjectSecurityManager. Just for some background info: I am using JBuilder 8.0EE and I am using the JBoss 3.0.7 , Does that have anything to do with the compilation errors? Do I need a later version of JBoss? Thanks, Erez -Original Message- From: Erez Efrati [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2003 4:44 PM To: 'Struts Users Mailing List' Subject: RE: Login Form Thanks a lot Sean, I will try it and let you know how it works. Thanks for your great help, Erez -Original Message- From: Sean Radford [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2003 12:28 PM To: Struts Users Mailing List Subject: RE: Login Form Erez, Things you need to do: 1. Get your EJB's installed and working with your JAAS plugin (or one of the supplied JBoss ones). So standard J2EE settings in ejb-jar.xml, and a standard jboss.xml (your security-domain in particular). 2. Create your web app as per the security filter instructions. That means moving the security defintions that are normally in web.xml to the securityfilter-config.xml file, and defining the Filter in web.xml. And in jboss-web.xml you need to define the security-domain. Then you just need to specify 'my' class as the realm in the securityfilter-config.xml: realm className=com.aegeus.securityfilter.JBossRealmAdapter/realm Hope that helps, Sean -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ Blade Systems On Thu, 2003-07-10 at 12:01, Erez Efrati wrote: Sean, Thanks for the code. I have downloaded everything and I am about to start playing with it. But from reading still, I am a bit confused here. Is this code + SecurityFilter replaces the container security configuration of JBoss/Tomcat in ejb-jar.xml, web.xml, jboss.xml, jboss-web.xml ? Thanks, Erez -Original Message- From: Sean Radford [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2003 11:26 AM To: Struts Users Mailing List Subject: RE: Login Form All, Please find attached my securityfilter realm adaptor. The other code I was waiting for hasn't materialised, so I couldn't do any comparison - but it seems to work for me... Good luck, and any probs just shout. And nope, I have know idea if the extra functionality is to be resolved in the near future within an updated container specification. Any one know how we could 'force' the issue? Regards, Sean - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Login Form
,org.apache.struts.validator.FieldChecks 21:20:11,732 INFO [ValidatorResources] Add ValidatorAction: minlength,org.apache.struts.validator.FieldChecks 21:20:11,742 INFO [ValidatorResources] Add ValidatorAction: maxlength,org.apache.struts.validator.FieldChecks 21:20:11,782 INFO [ValidatorResources] Add ValidatorAction: mask,org.apache.struts.validator.FieldChecks 21:20:11,852 INFO [ValidatorResources] Add ValidatorAction: byte,org.apache.struts.validator.FieldChecks 21:20:11,862 INFO [ValidatorResources] Add ValidatorAction: short,org.apache.struts.validator.FieldChecks 21:20:11,882 INFO [ValidatorResources] Add ValidatorAction: integer,org.apache.struts.validator.FieldChecks 21:20:11,902 INFO [ValidatorResources] Add ValidatorAction: long,org.apache.struts.validator.FieldChecks 21:20:11,942 INFO [ValidatorResources] Add ValidatorAction: float,org.apache.struts.validator.FieldChecks 21:20:11,952 INFO [ValidatorResources] Add ValidatorAction: double,org.apache.struts.validator.FieldChecks 21:20:11,972 INFO [ValidatorResources] Add ValidatorAction: date,org.apache.struts.validator.FieldChecks 21:20:11,982 INFO [ValidatorResources] Add ValidatorAction: range,org.apache.struts.validator.FieldChecks 21:20:11,992 INFO [ValidatorResources] Add ValidatorAction: intRange,org.apache.struts.validator.FieldChecks 21:20:11,992 INFO [ValidatorResources] Add ValidatorAction: floatRange,org.apache.struts.validator.FieldChecks 21:20:12,002 INFO [ValidatorResources] Add ValidatorAction: creditCard,org.apache.struts.validator.FieldChecks 21:20:12,042 INFO [ValidatorResources] Add ValidatorAction: email,org.apache.struts.validator.FieldChecks 21:20:12,052 INFO [ValidatorPlugIn] Loading validation rules file from '/WEB-INF/validation.xml' -Original Message- From: Sean Radford [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2003 6:27 PM To: Struts Users Mailing List Subject: RE: Login Form Just need to include the relevant JBoss jar(s) on your classpath in JBuilder... For JBoss 4 it is simply jboss.jar (found in JBOSS_HOME/server/CONFIG/lib) :-) Sean -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ Blade Systems On Thu, 2003-07-10 at 17:59, Erez Efrati wrote: Sean, I have tried out the SecurityFilter web examples and they are working just fine. I have started to integrate it into my project, but I am getting compilation errors on the JBossRealmAdapter.java. It can't seem to find AuthenticationManager, RealmManager, SubjectSecurityManager. Just for some background info: I am using JBuilder 8.0EE and I am using the JBoss 3.0.7 , Does that have anything to do with the compilation errors? Do I need a later version of JBoss? Thanks, Erez -Original Message- From: Erez Efrati [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2003 4:44 PM To: 'Struts Users Mailing List' Subject: RE: Login Form Thanks a lot Sean, I will try it and let you know how it works. Thanks for your great help, Erez -Original Message- From: Sean Radford [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2003 12:28 PM To: Struts Users Mailing List Subject: RE: Login Form Erez, Things you need to do: 1. Get your EJB's installed and working with your JAAS plugin (or one of the supplied JBoss ones). So standard J2EE settings in ejb-jar.xml, and a standard jboss.xml (your security-domain in particular). 2. Create your web app as per the security filter instructions. That means moving the security defintions that are normally in web.xml to the securityfilter-config.xml file, and defining the Filter in web.xml. And in jboss-web.xml you need to define the security-domain. Then you just need to specify 'my' class as the realm in the securityfilter-config.xml: realm className=com.aegeus.securityfilter.JBossRealmAdapter/realm Hope that helps, Sean - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Login Form
On Thu, 10 Jul 2003, Erez Efrati wrote: Date: Thu, 10 Jul 2003 20:29:11 +0200 From: Erez Efrati [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: 'Struts Users Mailing List' [EMAIL PROTECTED] Subject: RE: Login Form Yep, I've done that and it's compiling... but like any other programming story, we must suffer first I guess before seeing some results and a smile. Anyway, I've started using it but I got the following error: What does it mean? Since this issue doesn't have anything to do with Struts any more, would you folks mind continuing the conversation separately? Thanks, Erez Craig 21:20:09,268 ERROR [Digester] Begin event threw exception java.lang.ClassNotFoundException: No ClassLoaders found for: org.securityfilter.config.SecurityConstraint at org.jboss.mx.loading.LoadMgr.beginLoadTask(LoadMgr.java:156) at org.jboss.mx.loading.UnifiedClassLoader3.loadClass(UnifiedClassLoader3.j ava:161) at java.lang.ClassLoader.loadClass(ClassLoader.java:255) at org.apache.commons.digester.ObjectCreateRule.begin(ObjectCreateRule.java :252) at org.apache.commons.digester.Rule.begin(Rule.java:200) at org.apache.commons.digester.Digester.startElement(Digester.java:1268) at org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1490) at org.apache.crimson.parser.Parser2.content(Parser2.java:1779) at org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1507) at org.apache.crimson.parser.Parser2.parseInternal(Parser2.java:500) at org.apache.crimson.parser.Parser2.parse(Parser2.java:305) at org.apache.crimson.parser.XMLReaderImpl.parse(XMLReaderImpl.java:442) at org.apache.commons.digester.Digester.parse(Digester.java:1543) at org.securityfilter.config.SecurityConfig.loadConfig(SecurityConfig.java: 276) at org.securityfilter.filter.SecurityFilter.init(SecurityFilter.java:220) at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFi lterConfig.java:266) at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(Applicatio nFilterConfig.java:327) at org.apache.catalina.core.ApplicationFilterConfig.init(ApplicationFilte rConfig.java:120) at org.apache.catalina.core.StandardContext.filterStart(StandardContext.jav a:3158) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3602 ) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.ja va:821) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:807) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:579) at org.jboss.web.catalina.EmbeddedCatalinaService41.createWebContext(Embedd edCatalinaService41.java:432) at org.jboss.web.catalina.EmbeddedCatalinaService41.performDeploy(EmbeddedC atalinaService41.java:306) at org.jboss.web.AbstractWebContainer.start(AbstractWebContainer.java:301) at org.jboss.deployment.MainDeployer.start(MainDeployer.java:814) at org.jboss.deployment.MainDeployer.start(MainDeployer.java:806) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:627) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:591) at sun.reflect.GeneratedMethodAccessor10.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor Impl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDi spatcher.java:284) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:517) at org.jboss.util.jmx.MBeanProxy.invoke(MBeanProxy.java:174) at $Proxy3.deploy(Unknown Source) at org.jboss.deployment.scanner.URLDeploymentScanner.deploy(URLDeploymentSc anner.java:435) at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScan ner.java:561) at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doS can(AbstractDeploymentScanner.java:217) at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.loo p(AbstractDeploymentScanner.java:230) at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.run (AbstractDeploymentScanner.java:207) 21:20:09,288 ERROR [STDERR] unable to parse input: java.lang.ClassNotFoundException: No ClassLoaders found for: org.securityfilter.config.SecurityConstraint 21:20:09,288 INFO [Engine] StandardWrapper[/Tea4Two:default]: Loading container servlet default 21:20:09,609 INFO [PropertyMessageResources] Initializing, config='org.apache.struts.util.LocalStrings', returnNull=true 21:20:09,609 INFO [PropertyMessageResources] Initializing, config='org.apache.struts.action.ActionResources', returnNull=true 21:20:10,700 INFO [PropertyMessageResources] Initializing
RE: Login Form
On Tue, 2003-07-08 at 20:34, Erez Efrati wrote: Thanks Sean, I looked at it and it does avoid the BIG limitation posed by the standard spec in fact. Still I cannot use it since it disables the passing of the principal identity through calls to EJB methods. That's what it says in the introductory documentation, but... You're using JBoss/Tomcat right? Well give me a day and I'll email you a class that should do all you want... It's a RealmAdaptor for securityfilter/Jboss that uses the JBoss security extension and so correctly instantiates the Principal for the EJB layer. It works for me with JBoss4/Jetty, so you should give it a try. (I'm waiting on some code from another guy whose done similar and so just want to compare - if his stuff doesn't arrive shortly, I'll send mine as it) Now, I am new to the web development and it amazes me that such a basic feature is missing from the Servlet spec and is not addressed. Why is it that way? Is it so unusual to want to have the login fields on the start page?? Not unusual at all... And many Java sites have it that way, but they don't necessarily use container authentication and they probably don't use EJB's (many people steer clear - deep seated reservations from 1.0 are still abound). If I get time I'm going to try and get the Jetty guys to 'surface' their web Authenticators to allow developers to roll their own... I've looked at the code and shouldn't be too difficult - one or two areas I'm not sure about, but... Thanks, Erez -Original Message- From: Sean Radford [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 08, 2003 8:21 PM To: Struts Users Mailing List Subject: RE: Login Form Have a look at this (you may find what you want): http://sourceforge.net/projects/securityfilter/ Sean -Original Message- From: Erez Efrati [mailto:[EMAIL PROTECTED] Sent: July 8, 2003 10:11 AM To: 'Struts Users Mailing List' Subject: Login Form Hi, My question is a bit off Struts but still since I am using Struts and it's too urgent for me I thought to try my luck here, maybe someone had stumbled on this issue too. I am running JBoss/Tomcat/Struts using the JAAS for handling the application security aspects. I have used the auth-methodFORM/auth-method clauses inside the Web.xml file. In my web site I want to have the site home page to have also a small login form where the user could enter username and password and login to the site. The home page, contains other links as well, which lead to other parts of the site or even to external pages on other sites. From what I've read so far, it seems to me that the FORM method is activated only when the web user tries to access a protected page. Then the Web Server (Tomcat in my case) returns the loginPage stated in the Web.xml file, and only after the login is performed (j_security_check) the Tomcat then redirects the web user to the original portected page. Is it possible to have the site home page as the login page still using mechanisms of FORM and JAAS? If so I would really appreciate any help on how to do it, and what are the configurations required. Thanks, Erez - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ Blade Systems - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Login Form
Sean, many thanks for keeping up with my questions - appreciate it. And yes you are correct. I am using JBoss 3.0.7 / Tomcat 4.1.24. By the way have you got any idea if this issue is about to be resolved at the Servlet Container Spec ? Thanks, Erez -Original Message- From: Sean Radford [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2003 11:19 AM To: Struts Users Mailing List Subject: RE: Login Form On Tue, 2003-07-08 at 20:34, Erez Efrati wrote: Thanks Sean, I looked at it and it does avoid the BIG limitation posed by the standard spec in fact. Still I cannot use it since it disables the passing of the principal identity through calls to EJB methods. That's what it says in the introductory documentation, but... You're using JBoss/Tomcat right? Well give me a day and I'll email you a class that should do all you want... It's a RealmAdaptor for securityfilter/Jboss that uses the JBoss security extension and so correctly instantiates the Principal for the EJB layer. It works for me with JBoss4/Jetty, so you should give it a try. (I'm waiting on some code from another guy whose done similar and so just want to compare - if his stuff doesn't arrive shortly, I'll send mine as it) Now, I am new to the web development and it amazes me that such a basic feature is missing from the Servlet spec and is not addressed. Why is it that way? Is it so unusual to want to have the login fields on the start page?? Not unusual at all... And many Java sites have it that way, but they don't necessarily use container authentication and they probably don't use EJB's (many people steer clear - deep seated reservations from 1.0 are still abound). If I get time I'm going to try and get the Jetty guys to 'surface' their web Authenticators to allow developers to roll their own... I've looked at the code and shouldn't be too difficult - one or two areas I'm not sure about, but... Thanks, Erez -Original Message- From: Sean Radford [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 08, 2003 8:21 PM To: Struts Users Mailing List Subject: RE: Login Form Have a look at this (you may find what you want): http://sourceforge.net/projects/securityfilter/ Sean -Original Message- From: Erez Efrati [mailto:[EMAIL PROTECTED] Sent: July 8, 2003 10:11 AM To: 'Struts Users Mailing List' Subject: Login Form Hi, My question is a bit off Struts but still since I am using Struts and it's too urgent for me I thought to try my luck here, maybe someone had stumbled on this issue too. I am running JBoss/Tomcat/Struts using the JAAS for handling the application security aspects. I have used the auth-methodFORM/auth-method clauses inside the Web.xml file. In my web site I want to have the site home page to have also a small login form where the user could enter username and password and login to the site. The home page, contains other links as well, which lead to other parts of the site or even to external pages on other sites. From what I've read so far, it seems to me that the FORM method is activated only when the web user tries to access a protected page. Then the Web Server (Tomcat in my case) returns the loginPage stated in the Web.xml file, and only after the login is performed (j_security_check) the Tomcat then redirects the web user to the original portected page. Is it possible to have the site home page as the login page still using mechanisms of FORM and JAAS? If so I would really appreciate any help on how to do it, and what are the configurations required. Thanks, Erez - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ Blade Systems - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Login Form
Not sure if I understand it entirely. But you can use an iframe for the login form(protected page) on the site home page. Something like: iframe name='logon_frame' id='logon_frame' style='width:100%; height:120;' SCROLLING='no' src='https://localhost:8443/logon_iframe.jsp'/iframe Hope this helps. -Original Message- From: Erez Efrati [mailto:[EMAIL PROTECTED] Sent: July 8, 2003 10:11 AM To: 'Struts Users Mailing List' Subject: Login Form Hi, My question is a bit off Struts but still since I am using Struts and it's too urgent for me I thought to try my luck here, maybe someone had stumbled on this issue too. I am running JBoss/Tomcat/Struts using the JAAS for handling the application security aspects. I have used the auth-methodFORM/auth-method clauses inside the Web.xml file. In my web site I want to have the site home page to have also a small login form where the user could enter username and password and login to the site. The home page, contains other links as well, which lead to other parts of the site or even to external pages on other sites. From what I've read so far, it seems to me that the FORM method is activated only when the web user tries to access a protected page. Then the Web Server (Tomcat in my case) returns the loginPage stated in the Web.xml file, and only after the login is performed (j_security_check) the Tomcat then redirects the web user to the original portected page. Is it possible to have the site home page as the login page still using mechanisms of FORM and JAAS? If so I would really appreciate any help on how to do it, and what are the configurations required. Thanks, Erez - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Login Form
Yansheng Lin, I didn't understand, sorry. All I want to do is enable the users to login into my site from the starting page of the web site. Is it possible to post the a form action='j_security_check'? I mean before accessing a protected page which the Tomcat protects and sends me the my login page. I want to note here that I am using the JAAS. Thanks, Erez -Original Message- From: Yansheng Lin [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 08, 2003 5:47 PM To: 'Struts Users Mailing List' Subject: RE: Login Form Not sure if I understand it entirely. But you can use an iframe for the login form(protected page) on the site home page. Something like: iframe name='logon_frame' id='logon_frame' style='width:100%; height:120;' SCROLLING='no' src='https://localhost:8443/logon_iframe.jsp'/iframe Hope this helps. -Original Message- From: Erez Efrati [mailto:[EMAIL PROTECTED] Sent: July 8, 2003 10:11 AM To: 'Struts Users Mailing List' Subject: Login Form Hi, My question is a bit off Struts but still since I am using Struts and it's too urgent for me I thought to try my luck here, maybe someone had stumbled on this issue too. I am running JBoss/Tomcat/Struts using the JAAS for handling the application security aspects. I have used the auth-methodFORM/auth-method clauses inside the Web.xml file. In my web site I want to have the site home page to have also a small login form where the user could enter username and password and login to the site. The home page, contains other links as well, which lead to other parts of the site or even to external pages on other sites. From what I've read so far, it seems to me that the FORM method is activated only when the web user tries to access a protected page. Then the Web Server (Tomcat in my case) returns the loginPage stated in the Web.xml file, and only after the login is performed (j_security_check) the Tomcat then redirects the web user to the original portected page. Is it possible to have the site home page as the login page still using mechanisms of FORM and JAAS? If so I would really appreciate any help on how to do it, and what are the configurations required. Thanks, Erez - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Login Form
Oh I thought you had trouble accessing a protected login page from a non-secure page. Is this what you want to do in your main page? FORM method=post action='my_security_check' User ID: INPUT name='j_username' type='text' size='20' /BR/ Password: INPUT name='j_password' type='password' size='20' /BR/ INPUT type='submit' name='login' value='login' / INPUT type='reset' /BR/ /FORM And your problem is that you don't have control over 'my_security_check' does in JAAS. I found an archive mail on this newsgroup, maybe what you want. Sorry I don't know much about the api in JAAS. -Original Message- From: Erez Efrati [mailto:[EMAIL PROTECTED] Sent: July 8, 2003 11:03 AM To: 'Struts Users Mailing List' Subject: RE: Login Form Yansheng Lin, I didn't understand, sorry. All I want to do is enable the users to login into my site from the starting page of the web site. Is it possible to post the a form action='j_security_check'? I mean before accessing a protected page which the Tomcat protects and sends me the my login page. I want to note here that I am using the JAAS. Thanks, Erez -Original Message- From: Yansheng Lin [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 08, 2003 5:47 PM To: 'Struts Users Mailing List' Subject: RE: Login Form Not sure if I understand it entirely. But you can use an iframe for the login form(protected page) on the site home page. Something like: iframe name='logon_frame' id='logon_frame' style='width:100%; height:120;' SCROLLING='no' src='https://localhost:8443/logon_iframe.jsp'/iframe Hope this helps. -Original Message- From: Erez Efrati [mailto:[EMAIL PROTECTED] Sent: July 8, 2003 10:11 AM To: 'Struts Users Mailing List' Subject: Login Form Hi, My question is a bit off Struts but still since I am using Struts and it's too urgent for me I thought to try my luck here, maybe someone had stumbled on this issue too. I am running JBoss/Tomcat/Struts using the JAAS for handling the application security aspects. I have used the auth-methodFORM/auth-method clauses inside the Web.xml file. In my web site I want to have the site home page to have also a small login form where the user could enter username and password and login to the site. The home page, contains other links as well, which lead to other parts of the site or even to external pages on other sites. From what I've read so far, it seems to me that the FORM method is activated only when the web user tries to access a protected page. Then the Web Server (Tomcat in my case) returns the loginPage stated in the Web.xml file, and only after the login is performed (j_security_check) the Tomcat then redirects the web user to the original portected page. Is it possible to have the site home page as the login page still using mechanisms of FORM and JAAS? If so I would really appreciate any help on how to do it, and what are the configurations required. Thanks, Erez - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Login Form
Here is the link: http://www.mail-archive.com/[EMAIL PROTECTED]/msg14215.html - Oh I thought you had trouble accessing a protected login page from a non-secure page. Is this what you want to do in your main page? FORM method=post action='my_security_check' User ID: INPUT name='j_username' type='text' size='20' /BR/ Password: INPUT name='j_password' type='password' size='20' /BR/ INPUT type='submit' name='login' value='login' / INPUT type='reset' /BR/ /FORM And your problem is that you don't have control over 'my_security_check' does in JAAS. I found an archive mail on this newsgroup, maybe what you want. Sorry I don't know much about the api in JAAS. -Original Message- From: Erez Efrati [mailto:[EMAIL PROTECTED] Sent: July 8, 2003 11:03 AM To: 'Struts Users Mailing List' Subject: RE: Login Form Yansheng Lin, I didn't understand, sorry. All I want to do is enable the users to login into my site from the starting page of the web site. Is it possible to post the a form action='j_security_check'? I mean before accessing a protected page which the Tomcat protects and sends me the my login page. I want to note here that I am using the JAAS. Thanks, Erez -Original Message- From: Yansheng Lin [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 08, 2003 5:47 PM To: 'Struts Users Mailing List' Subject: RE: Login Form Not sure if I understand it entirely. But you can use an iframe for the login form(protected page) on the site home page. Something like: iframe name='logon_frame' id='logon_frame' style='width:100%; height:120;' SCROLLING='no' src='https://localhost:8443/logon_iframe.jsp'/iframe Hope this helps. -Original Message- From: Erez Efrati [mailto:[EMAIL PROTECTED] Sent: July 8, 2003 10:11 AM To: 'Struts Users Mailing List' Subject: Login Form Hi, My question is a bit off Struts but still since I am using Struts and it's too urgent for me I thought to try my luck here, maybe someone had stumbled on this issue too. I am running JBoss/Tomcat/Struts using the JAAS for handling the application security aspects. I have used the auth-methodFORM/auth-method clauses inside the Web.xml file. In my web site I want to have the site home page to have also a small login form where the user could enter username and password and login to the site. The home page, contains other links as well, which lead to other parts of the site or even to external pages on other sites. From what I've read so far, it seems to me that the FORM method is activated only when the web user tries to access a protected page. Then the Web Server (Tomcat in my case) returns the loginPage stated in the Web.xml file, and only after the login is performed (j_security_check) the Tomcat then redirects the web user to the original portected page. Is it possible to have the site home page as the login page still using mechanisms of FORM and JAAS? If so I would really appreciate any help on how to do it, and what are the configurations required. Thanks, Erez - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Login Form
On Tue, 8 Jul 2003, Erez Efrati wrote: Date: Tue, 08 Jul 2003 19:03:17 +0200 From: Erez Efrati [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: 'Struts Users Mailing List' [EMAIL PROTECTED] Subject: RE: Login Form Yansheng Lin, I didn't understand, sorry. All I want to do is enable the users to login into my site from the starting page of the web site. Is it possible to post the a form action='j_security_check'? No. If you really need programmatic login, you will want to look at roll your own security mechanisms instead of container managed security. I mean before accessing a protected page which the Tomcat protects and sends me the my login page. One approach would be to provide a login button (instead of a login form) that goes to a protected resource (triggering the login), and then have the protected resource forward or redirect back to your main menu. I want to note here that I am using the JAAS. If you're using Tomcat's JAASRealm (or something like it) for this, this fact won't make any difference. Thanks, Erez Craig - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Login Form
Have a look at this (you may find what you want): http://sourceforge.net/projects/securityfilter/ Sean -Original Message- From: Erez Efrati [mailto:[EMAIL PROTECTED] Sent: July 8, 2003 10:11 AM To: 'Struts Users Mailing List' Subject: Login Form Hi, My question is a bit off Struts but still since I am using Struts and it's too urgent for me I thought to try my luck here, maybe someone had stumbled on this issue too. I am running JBoss/Tomcat/Struts using the JAAS for handling the application security aspects. I have used the auth-methodFORM/auth-method clauses inside the Web.xml file. In my web site I want to have the site home page to have also a small login form where the user could enter username and password and login to the site. The home page, contains other links as well, which lead to other parts of the site or even to external pages on other sites. From what I've read so far, it seems to me that the FORM method is activated only when the web user tries to access a protected page. Then the Web Server (Tomcat in my case) returns the loginPage stated in the Web.xml file, and only after the login is performed (j_security_check) the Tomcat then redirects the web user to the original portected page. Is it possible to have the site home page as the login page still using mechanisms of FORM and JAAS? If so I would really appreciate any help on how to do it, and what are the configurations required. Thanks, Erez - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ Blade Systems - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Login Form
Thanks Sean, I looked at it and it does avoid the BIG limitation posed by the standard spec in fact. Still I cannot use it since it disables the passing of the principal identity through calls to EJB methods. Now, I am new to the web development and it amazes me that such a basic feature is missing from the Servlet spec and is not addressed. Why is it that way? Is it so unusual to want to have the login fields on the start page?? Thanks, Erez -Original Message- From: Sean Radford [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 08, 2003 8:21 PM To: Struts Users Mailing List Subject: RE: Login Form Have a look at this (you may find what you want): http://sourceforge.net/projects/securityfilter/ Sean -Original Message- From: Erez Efrati [mailto:[EMAIL PROTECTED] Sent: July 8, 2003 10:11 AM To: 'Struts Users Mailing List' Subject: Login Form Hi, My question is a bit off Struts but still since I am using Struts and it's too urgent for me I thought to try my luck here, maybe someone had stumbled on this issue too. I am running JBoss/Tomcat/Struts using the JAAS for handling the application security aspects. I have used the auth-methodFORM/auth-method clauses inside the Web.xml file. In my web site I want to have the site home page to have also a small login form where the user could enter username and password and login to the site. The home page, contains other links as well, which lead to other parts of the site or even to external pages on other sites. From what I've read so far, it seems to me that the FORM method is activated only when the web user tries to access a protected page. Then the Web Server (Tomcat in my case) returns the loginPage stated in the Web.xml file, and only after the login is performed (j_security_check) the Tomcat then redirects the web user to the original portected page. Is it possible to have the site home page as the login page still using mechanisms of FORM and JAAS? If so I would really appreciate any help on how to do it, and what are the configurations required. Thanks, Erez - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Dr. Sean Radford, MBBS, MSc [EMAIL PROTECTED] http://bladesys.demon.co.uk/ Blade Systems - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]