Let me get this straight on how it works.

If I wanted to give out a URL to access my site and I was using CMA then I
could give out http://whatever.com/login.do as the URL and the container
would see that the user is not logged in and throw them to the login page
(specified in the web.xml for form based auth) and if that form posted to
j_security_check, if successful auth, then they would be sent to login.do
and in there I would just load up preferences and do whatever and in there
forward to a personalized page etc?

But if they tried to access the site with whatever.com/somethingElse.do (and
not currently authenticated) then they would be asked to authenticate
automatically at that point and then sent to somethingElse.do if auth was
successful?

So now if you could only direct me to a reference for getting CMA to work
with JRun and Objectivity (I've read the docs out there and I must be
missing a small detail for implementing custom login and I have no support
contract from JRun).  The login module stuff isn't hard; it is configuring
the custom User Manager that is so poorly documented.

TIA



-----Original Message-----
From: Max Cooper [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 06, 2003 6:44 PM
To: Struts Users Mailing List
Subject: Re: CMA and LoginAction

CMA does just-in-time authentication. You will only be authenticated on the
way to viewing a protected resource. After your authentication succeeds, you
will end up at the protected resource that you originally requested. This is
very nice because logging in doesn't take the user off the course of what
they were trying to achieve.

But, it also means that you can't have users login at will, or issue an
"unsolicited" login request by randomly posting to j_security_check.
Actually, you can support this a bit by having the "Login" link take you to
a protected resource, which will force the CMA to do the authentication
routine along the way. Your protected resource might just redirect you back
to the home page or something if that is what you want. You can't have a
login form on every page, though, because the container won't know where to
send them after they are logged in. This limitation also creates problems if
users bookmark the login form page.

This is one of the reasons I started the Security Filter project. It allows
"unsolicited" login requests, and you can configure where users should be
sent if they issue an "unsolicited" login request. It also supports
just-in-time authentication like CMA, which is how it will work if Security
Filter initiates the authentication sequence in response to a request for a
protected resource.
http://securityfilter.sourceforge.net/

-Max
looking for lots of securityfilter hits today ;-)


----- Original Message ----- 
From: "Bailey, Shane C." <[EMAIL PROTECTED]>
To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
Sent: Friday, June 06, 2003 7:28 AM
Subject: RE: CMA and LoginAction


>
> This makes me think of another question.  I have put implementing my CMA
> on hold but I will need to know this soon:
>
> If you specify where to go prior to the CMA j_security_check call (by
> describing the login form in the web.xml) why don't you have to describe
> the "success" page (most likely an action) to go to as well?  So where
> does a successful CMA auth take you?
>
> I am guessing it goes to the welcome page also described in the web.xml?
>
> Anyway, if that is the case can you have your welcome page be
> "userInitialize.do"  ???   That would work right?
>
>
> BTW, we started using Objectivity and JRun has LoginModules provided for
> LDAP, Relational and XML storage and not oodb.  I tried to write a custom
> LoginModule (not really a problem) and a custom User manager class and
> it hasn't worked.  Anyone successful in such things?
>
>
>
> -----Original Message-----
> From: Mohan Radhakrishnan [mailto:[EMAIL PROTECTED]
> Sent: Friday, June 06, 2003 10:15 AM
> To: 'Struts Users Mailing List'
> Subject: CMA and LoginAction
>
> Hi
>
>        I would like to use role based authentication. That is CMA. Now I
> also want to call my Action class. The idea is to use
>
>  <logic:present role="name"/>
>
>  My Action class sets up user profiles based on the login ID etc. Is this
> possible ?
>
> Mohan
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]



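The arrangement discussed in this thread (form-based CMA where the "Login" link points at the protected login.do, so the container authenticates just-in-time and then delivers the user to that action), as an added web.xml sketch that is not from any poster in the thread. The role name "user", the pages /login.jsp, /loginError.jsp and index.jsp, and the HTTPS requirement are assumptions made for the example.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <!-- Struts ActionServlet declaration and its *.do mapping omitted. -->

  <!-- Public landing page (assumed name). Its "Login" link targets
       /login.do, never /login.jsp or j_security_check directly. -->
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>

  <!-- Every action is protected. No http-method is listed, so the
       constraint applies to all HTTP methods. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Struts actions</web-resource-name>
      <url-pattern>*.do</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
    <!-- Assumed hardening: require HTTPS for protected resources so the
         login form and its password POST are not sent in clear text. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Only the login and error pages are declared. There is no
       "success" page: after j_security_check succeeds, the container
       returns the user to the protected URL originally requested. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>user</role-name>
  </security-role>
</web-app>
```

Inside the login.do action, request.getRemoteUser() and request.isUserInRole() then identify the authenticated user for loading preferences.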