HiThanks for the suggestion, this application which i need to do this is
developed using Struts 1.2.6, can i add Spring Security to this, just as a
drop in, is there any how to documents to add spring support to struts web
application
Ashish
On Tue, Mar 10, 2009 at 7:43 PM, Jim Kiley
Spring Security is it's own filter, and my experience is that it is
pretty easy to integrate with just about any type of web-app. As far
as existing tutorials, I'd say to check google.
-Wes
On Wed, Mar 11, 2009 at 9:52 AM, Ashish Kulkarni
ashish.kulkarn...@gmail.com wrote:
HiThanks for the
and Authentication Question
HiThanks for the suggestion, this application which i need to do this is
developed using Struts 1.2.6, can i add Spring Security to this, just as a
drop in, is there any how to documents to add spring support to struts web
application
Ashish
On Tue, Mar 10, 2009 at 7:43 PM, Jim Kiley
-
From: Ashish Kulkarni [mailto:ashish.kulkarn...@gmail.com]
Sent: Wednesday, March 11, 2009 9:53 AM
To: Struts Users Mailing List
Subject: Re: [OT] Authorization and Authentication Question
HiThanks for the suggestion, this application which i need to do this is
developed using Struts 1.2.6
: Ashish Kulkarni [mailto:ashish.kulkarn...@gmail.com]
Sent: Wednesday, March 11, 2009 9:53 AM
To: Struts Users Mailing List
Subject: Re: [OT] Authorization and Authentication Question
HiThanks for the suggestion, this application which i need to do this is
developed using Struts 1.2.6, can i
On Wed, Mar 11, 2009 at 3:23 PM, Ashish Kulkarni
ashish.kulkarn...@gmail.com wrote:
HiI was able to configure LDAP to do authentication, but how do i use
UserDetailsService,
is there any example of how to use this and implement it in my project to
get user and role from DB2 database
2009/3/11 Ashish Kulkarni ashish.kulkarn...@gmail.com:
HiI was able to configure LDAP to do authentication, but how do i use
UserDetailsService,
is there any example of how to use this and implement it in my project to
get user and role from DB2 database
I did that like this, extended
HiIs it possible to Authenticate user using LDAP, but authorize using a DB2
database,
I have situation where i need to authenticate and authorize some web pages.
I want to authenticate users against LDAP, but have to maintain
authorization list, roles etc in DB2 database
Has anyone done anything
On Tuesday 10 March 2009 17:56:30 Ashish Kulkarni wrote:
HiIs it possible to Authenticate user using LDAP, but authorize using a DB2
database,
I have situation where i need to authenticate and authorize some web pages.
I want to authenticate users against LDAP, but have to maintain
I'd agree. Have your UserDetailsService implementation hit LDAP for
authentication, and pass GrantedAuthorities[] on to the returned object by
asking DB2 about that info if the user is authenticated.
jk
On Tue, Mar 10, 2009 at 6:44 PM, Wes Wannemacher w...@wantii.com wrote:
On Tuesday 10 March
ensure that all data
necessary for that page has been obtained. The, by placing the JSP's in
the WEB-INF directory you will prevent access directly from a browser
(only from the s2 dispatcher).
--
View this message in context:
http://www.nabble.com/authentication-question
mojoRising wrote:
Thanks. That's interesting. I am using Weblogic9.2, and I seem to have no
problem using the request object in the jsp( for getParameter at least). I
am wondering what type of request object manipulation, as you are referring
to, may cause issues?
I don't recall
the necessary checks.
/Ian
--
View this message in context:
http://www.nabble.com/authentication-question-tp16006710p16121577.html
Sent from the Struts - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [EMAIL
I've been told that some older containers don't allow you to forward to
JSP's behind /WEB-INF. It wouldn't surprise me.
Other than that I've found Ian's suggestion to be the most effective way
to ensure users can't access JSPs directly, IMO a must for Tiles, html
fragments and any page using
Plus: nothing under WEB-INF can be referenced by a browser, so JSPs
stored there can't be called directly.
Minus: nothing under WEB-INF can be referenced by a browser, so JSPs
stored there can't be called directly... :-)
It depends on your requirements. But generally you will want to route
I use Acegi security to make sure that all of my pages are secure. I
find it very flexiable, but not always easy to configure.
If you are already using spring as you IoC, then you might as well take
advantage of Acegi.
Jeromy Evans wrote:
I've been told that some older containers don't
]
--
View this message in context:
http://www.nabble.com/authentication-question-tp16006710p16123101.html
Sent from the Struts - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [EMAIL PROTECTED
://www.nabble.com/authentication-question-tp16006710p16006710.html
Sent from the Struts - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
The easiest way is to always have the user call an action to get a JSP,
even if it is a simple page. You then also ensure that all data
necessary for that page has been obtained. The, by placing the JSP's in
the WEB-INF directory you will prevent access directly from a browser
(only from the
The easiest way is to always have the user call an action to get a JSP,
even if it is a simple page. You then also ensure that all data
necessary for that page has been obtained. The, by placing the JSP's in
the WEB-INF directory you will prevent access directly from a browser
(only from the
So I think I have it working and I didn't have to redirect the user,
which is good because that wasn't working anyway. I don't know if it
was JAAS or Struts, or what, but the login parameters were being
stripped from the request so they never got to the login page.
How I got it to work was
Adam Gordon wrote:
I think the solution is
going to be to redirect the user to the default main page manually w/
the login parameters and JAAS should take over from there...hopefully.
Except a redirect must be to a GET, not a POST, and it would be
unfortunate to include the login credentials
Let me get this straight: All pages in your webapp are protected (not
available to non-logged in users), so when someone who is logged in on
the company's main site tries to get to a page in your webapp, JAAS
catches it and sends them to your webapp's login page, which might be
able to glean
Yea, but in this case, it may be something we need to live with.
The login page scriptlet code looks for the login credentials in the
request and sets the appropriate form fields as well as a flag we use to
indicate whether the form should be submitted immediately upon loading
and in either
Laurie Harper wrote:
If you have a separate 'login' page (as opposed to having a login form
on each page) you might be able to get away with invalidating the
session when that page is shown, with the caveat that logged in users
would implicitly be logged out if they visit that page.
And in
I believe you are absolutely correct Laurie, because I've not yet seen a
way to get a handle to the LoginContext to call logout(). All we can do
is invalidate the session - which we do when the user logs out. This
removes the user principal from the request and indicates to JAAS that
the
See my comments in my response to Laurie. We're basically using dual
login pages, one on our main website (Apache) and the other in our
webapp. I'm currently toying with the idea of a Filter to detect the
subsequent logins against an already authenticated session.
--adam
Dale Newfield
Adam Gordon wrote:
For background, we actually have two login pages: on is the login page
that is running inside our webapp that is running JAAS and POSTs to
j_security_check at form submission time. The other page is our
company's main website (Apache) and users can log in here too. What
If you mean protecting the page w/ a security constraint, I think that
would be a problem in that JAAS would detect that it's a protected
resource and prompt the user to log in before hitting the login page and
upon a successful login would redirect the user to the login page after
they've
I don't think Container Managed Security has provisions for logging
users out, other than by expiring the session (and not even then if
you're relying on HTTP authentication rather than form-based).
If you have a separate 'login' page (as opposed to having a login form
on each page) you might
Hi-
We're using JAAS for webapp authentication and we've discovered an
issue: If user A is logged in and tries to log in as user B, they stay
logged in as user A. We know how to detect if a user's already
authenticated (we have some static objects stored on the session) but
we're not sure
Adam Gordon wrote:
We're using JAAS for webapp authentication and we've discovered an
issue: If user A is logged in and tries to log in as user B, they stay
logged in as user A.
Couldn't you protect the login form page and action so that they're only
accessible by a session without any
I'm very new to struts (and java for that matter) so my question might
be stupid but here goes:
I have an application that is based on companies and employees. Each
employee may have a single company. Also each employee has a user (which
is used by tomcat for authentication/authorization) and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Eugen,
Eugen Stoianovici wrote:
Since I can't intercept the login form (which goes to j_security_check)
where should i put the code for setting those session values?
Ah, but you can intercept it!
You just need to think outside the container. Or,
Hi everybody.
I've just started working on an application using Struts. In my previous
projects my actions that needed authentication always had some common
class that they extended. Now I am wondering whether it would be
feasible to authenticate using AOP - writing interceptors for each
Mailing List
Subject: Authentication question
Hi everybody.
I've just started working on an application using Struts. In my previous
projects my actions that needed authentication always had some common
class that they extended. Now I am wondering whether it would be
feasible to authenticate
Subject: Authentication question
Hi everybody.
I've just started working on an application using Struts. In my previous
projects my actions that needed authentication always had some common
class that they extended. Now I am wondering whether it would be
feasible to authenticate using AOP - writing
Jimmy
-Original Message-
From: Tom Ziemer [mailto:[EMAIL PROTECTED]
Sent: donderdag 7 april 2005 16:58
To: Struts Users Mailing List
Subject: Authentication question
Hi everybody.
I've just started working on an application using Struts. In my previous
projects my actions that needed
hi
Using container managed authentication, can i relay request parameters(i.e.
username password) to
loginAction after successful authentication?
Because I want to construct a User bean and add it to Session after
successful authentication
but request parameters seem to get lost.
Thanks
struts Dude wrote:
hi
Using container managed authentication, can i relay request parameters(i.e.
username password) to
loginAction after successful authentication?
Because I want to construct a User bean and add it to Session after
successful authentication
but request parameters seem to get
40 matches
Mail list logo