On the free side of things, I believe you could use a JNDI Realm in Tomcat for this purpose. You would need to roll your own SOAPInitialContextFactory and use that in the configuration of the JNDI Realm. Weblogic has an implementation of a SOAPInitialContextFactory: http://edocs.bea.com/wls/docs61/javadocs/weblogic/soap/http/SoapInitialConte xtFactory.html that may be configurable as part of a Weblogic security realm as well.
-Rob -----Original Message----- From: Tony Baity [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 13, 2003 9:57 AM To: Struts Users Mailing List Subject: RE: Any good suggestions on implementing Security Craig, Would you by any chance know anyone/anyproduct that instead of using JDBCRealm has create a SOAPRealm where the user data is available via a web service instead of a database? "Craig R. McClanahan" <[EMAIL PROTECTED]> wrote: On Wed, 12 Feb 2003 [EMAIL PROTECTED] wrote: > Date: Wed, 12 Feb 2003 09:57:38 -0600 > From: [EMAIL PROTECTED] > Reply-To: Struts Users Mailing List > To: Struts Users Mailing List > Subject: RE: Any good suggestions on implementing Security > > > "Depending on the container, your groups and group memberships can be > dynamically mapped to roles, with declarative specification of what > resources can be accessed." > > Is this the case with tomcat? I did not think so. > It is. The element (in web.xml) includes a section that maps URL patterns to the role(s) that a user must have in order to access that URL. This is all in the servlet spec, and portable across containers. The only part that's not portable across containers is how you actually set up the users and roles database (in Tomcat terms, that is a matter of which Realm implementation you use). > Our needs our very similar. > The users with a admin page that allows them to change access to pages. > For Tomcat specifically, this can be done easily if you use a JDBCRealm to get user and role information from a database. Then, writing an admin program to manage users is just like any other database maintenance application -- just make it update the same tables that JDBCRealm is using to authenticate and authorize users. Struts also has some built-in support for checking roles dynamically during execution: * You can use a "roles" attribute on an to limit which users can execute that Action. * You can use to conditionally display parts of your UI to only people that have the role you specify. Craig > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . . . Tony Baity . . . --------------------------------- Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
